alfa128

  1. Nope, not a Windows Trust... what do you think, does it look infected?
  2. Good evening, I was very recently infected by the Bifrose virus on 3 of my machines, and thanks to the valuable advice of the site's admins I was able to resolve it on 2 of them. I therefore formatted the 3rd so that everything would be clean, but I reused storage media that are very likely still infected. Can someone take a look at the attached RSIT report and tell me whether I am still exposed to the Bifrose bug? The aim is to avoid being reinfected once more simply because the virus was overlooked on some USB key... Attached is the RSIT report for an LG laptop running WinXP Pro (with 3 storage devices plugged in), log.txt:
2009-02-15 18:31:18 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\aaclient.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\sessmgr.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-02-15 18:31:15 ----D---- C:\WINDOWS\system32\MsDtc 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\termsrv.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-02-15 18:31:12 ----D---- C:\WINDOWS\system32\Com 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\stclient.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-02-15 18:31:12 ----A---- 
C:\WINDOWS\system32\comaddin.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\colbact.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comuid.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-02-15 18:31:10 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-02-15 18:31:04 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\cmprops.dll ======List of files/folders modified in the last 1 months====== 2009-02-15 19:22:11 ----A---- C:\WINDOWS\system.ini 2009-02-15 19:07:53 ----A---- C:\WINDOWS\system32\msxml3r.dll 2009-02-15 18:38:44 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-06-25 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-06-25 14720] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-15 226832] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [] R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-06-25 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616] R3 CmBatt;Pilote d'adaptateur secteur 
Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2006-08-15 1287296] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-06-25 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-06-25 10368] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-06-25 61824] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-06-25 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2915ABG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-04-29 288896] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-06-25 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; 
C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-25 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-06-25 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192] R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 
[2007-10-11 122880] -----------------EOF----------------- info.txt info.txt logfile of random's system information tool 1.05 2009-02-15 23:25:20 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} ACDSee 10 Gestionnaire de photos-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Adobe Shockwave Player-->MsiExec.exe /X{211E8730-5681-49ED-BC6A-78C9F88E95F5} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Attribute Changer 6.0a-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,AttributeChanger.Uninstall Chrono Shutdown-->rundll32.exe advpack.dll,LaunchINFSection chrono.inf,ChronoShutdown.Uninstall ClipName-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ClipName.Uninstall C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe CMenu-->"C:\Program Files\CMenu\CMenu.exe" /uninstall Combined 
Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe" Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE} Console 2-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Console.Uninstall CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0} DAMN NFO Viewer Setup-->MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38} File Case Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,FileCase.Uninstall FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u HashTab 2.1-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,HashTab.Uninstall HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe" InstallWatch Pro 2.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Epsilon Squared\InstallWatch Pro\Uninst.isu" Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55} Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55} MakeISO-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MakeISO.Uninstall Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe 
/I{3F7924B9-D148-3141-87B1-68F36043A940} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 
2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mmm-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MMM.Uninstall ModifyPE-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ModifyPE.Uninstall Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe Nero 8 Lite 8.3.2.1b-->"C:\Program Files\Nero\unins000.exe" Notepad++-->C:\Program Files\Notepad++\uninstall.exe PuTTY-->rundll32.exe advpack.dll,LaunchINFSection PuTTY.inf,PuTTY.Uninstall QT Lite 2.6.0-->"C:\Program Files\QT Lite\unins000.exe" Real Alternative 1.8.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe" RefreshEM-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RefreshEM.Uninstall Reg File Merger-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegMerger.Uninstall RegShot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegShot.Uninstall Replacer-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Replacer.Uninstall Resource Hacker-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ResHacker.Uninstall Run Program Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RunWith.Uninstall Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Microsoft Office Publisher 2007 
(KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00} Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9} Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3} Unlocker 1.8.7-->rundll32.exe advpack.dll,LaunchINFSection Unlocker.inf,Unlocker.Uninstall Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb950378)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E} Utilitaires "Envoyer vers"-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,SendTo.Uninstall WhyReboot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,WhyReboot.Uninstall Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Live Safety Scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Vista Wallpapers-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VWall.inf,RemoveVWallpapers WinMover 3.2.0.6-->"C:\Program Files\WinMover\unins000.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" XPero's eXPander-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,eXPander.Uninstall ======Security center information====== AV: Kaspersky Internet 
Security FW: Kaspersky Internet Security System event log Computer Name: SWEET-B1E093CFD Event Code: 3260 Message: Cet ordinateur a correctement été joint au workgroup 'WORKGROUP'. Record Number: 5 Source Name: Workstation Time Written: 20090215183056.000000+060 Event Type: Informations User: Computer Name: SWEET-B1E093CFD Event Code: 6011 Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers SWEET-B1E093CFD. Record Number: 4 Source Name: EventLog Time Written: 20090215182913.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 2 Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée. Record Number: 3 Source Name: Serial Time Written: 20090215191023.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 2 Source Name: EventLog Time Written: 20090215191009.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free. Record Number: 1 Source Name: EventLog Time Written: 20090215191009.000000+060 Event Type: Informations User: Application event log Computer Name: SWEET-B1E093CFD Event Code: 1000 Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 5 Source Name: LoadPerf Time Written: 20090215183333.000000+060 Event Type: Informations User: Computer Name: SWEET-B1E093CFD Event Code: 1000 Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. 
Record Number: 4 Source Name: LoadPerf Time Written: 20090215183328.000000+060 Event Type: Informations User: Computer Name: SWEET-B1E093CFD Event Code: 1000 Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 3 Source Name: LoadPerf Time Written: 20090215183050.000000+060 Event Type: Informations User: Computer Name: SWEET-B1E093CFD Event Code: 1000 Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 2 Source Name: LoadPerf Time Written: 20090215183023.000000+060 Event Type: Informations User: Computer Name: SWEET-B1E093CFD Event Code: 1000 Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 1 Source Name: LoadPerf Time Written: 20090215182925.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel "PROCESSOR_REVISION"=0d08 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------
Everything looks spotless to me, but I could be wrong... Thanks in advance.
  3. Yes, I read the post. In fact I have already dealt with this type of infection, and that one I managed to fight off! I spent quite a bit of time on it, but I succeeded, thanks to ComboFix as it happens... It's people like you who make me love computing! Well played once again!
  4. Magnificent!!!! No, no more symptoms since the machine was restored to its initial state! Before the restore, though, it was exactly the same problem, so now it really is time to celebrate! OK, so next resolution: never again use a single storage device on this machine!! Right after this I'll create one last post to check the LG and all the storage devices used on it. In any case, thank you, and thanks again. I may have spent a bit of time on it, but I escaped a format that would have eaten up an enormous amount of my time! CLEAN!
  5. If one day you're available to train me, I'm more than interested!!!! To tell the truth, it bothers me that all this help is given on a volunteer basis. When I think that I work at an IT outsourcing company, whose name I will obviously keep to myself, and that a quarter of the people there know nothing about IT, I tell myself you would easily have your place there rather than working for free, but sacrifice is priceless, lol! To be really honest, I don't use a genuine antivirus, because I bought one once and ended up infected anyway... I know it's bad and I deserve a whipping, but that's another debate... Anyway, I may give in and buy real protection... G Data perhaps? Otherwise, among free antivirus products, Avira is still the best, isn't it? And thanks again for the attention, the responsiveness and all the time spent!
  6. Good evening, and thanks again for all the valuable advice given, and to all the volunteers who keep this site alive! I was very recently infected by Bifrose, so I restored the NC10 to its initial state and installed the trial version of the latest VirusScan. I would like to know whether I am still infected, and to immunize myself against this particularly volatile worm. So, attached is the RSIT report: info.txt
info.txt logfile of random's system information tool 1.05 2009-02-16 00:23:00 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Atheros WLAN Client-->"C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe" -runfromtemp -l0x040c -removeonly Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Easy Display Manager-->"C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -runfromtemp -l0x0009 -removeonly HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall imagine digital freedom - Samsung-->MsiExec.exe /X{8E106A57-A17E-431D-B48F-175E42EB9F74} Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000} Magic Keyboard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD723E53-A42C-4702-AA04-1D74A0311590}\Setup.exe" -l0x9 Remove Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe 
  7. No, no desire to "play" at all, quite the opposite: I work in IT and am also studying network administration. I just wanted to know how to use it properly, taking good care not to make any mistakes, neither in writing nor in interpre.. By the way, if it's not indiscreet, I hope your team is paid for the time you spend, that's the least one could expect!! As for Kaspersky, I installed the 2009 version, so I need to go back to version 7. I think we'll unplug the network to be sure not to get reinfected, that seems wiser!! May I bother you about the NC10? I actually did a restore, installed the trial version of Virus Scan, and everything looks clean to me... I would just like to be sure everything is clean.. May I send you a report from the machine? (info + log) PS: I still haven't identified the source of the virus, either a USB stick or a file coming from Skype; in any case I'm not the one who triggered it, I simply wanted to eradicate it, I thought I was smarter than it and in doing so led it to infect my machine! Not so smart after all!!!! In any case I can never thank you enough, and if you live in the Rhône-Alpes region, we can go for a drink one of these days, lol
  8. OK, I'm following your instructions.. don't bother with removing the tools used, no need... HijackThis report:
  9. Yes, sorry, I'm getting a bit carried away!!! )) Yes, the DESKTOP really does seem OK, thanks a lot, that was the most important one!! At last I can almost sleep easy!!!! How can I immunize myself going forward?? Can I go back to KAP 7, do you think? Do you want us to open another thread for the NC10? I'm sorry to take up all your time, but I absolutely have to get rid of the virus on the NC10 before Tuesday... the LG can easily wait, in any case.
  10. Attached is the RSIT report for the DESKTOP (maybe more useful and less disorienting, we started with that one)
  11. No problem, I had gone back to the freshly formatted LG, so if it crashes again it's no big deal; the main thing is that the desktop works. Attached is the report, but taken from the LG with the USB keys plugged in: info.txt, and attached is the RSIT log
2009-02-15 19:04:52 ----D---- C:\Program Files\Utilitaires 2009-02-15 19:04:52 ----D---- C:\Program Files\CMenu 2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cdimage.exe 2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cabtool.exe 2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cabarc.exe 2009-02-15 19:04:47 ----D---- C:\Program Files\WinMover 2009-02-15 19:04:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\EliasAE 2009-02-15 19:04:36 ----D---- C:\Program Files\FlashFXP 2009-02-15 19:04:36 ----D---- C:\Documents and Settings\All Users\Application Data\FlashFXP 2009-02-15 19:04:30 ----A---- C:\WINDOWS\system32\notepad.original.exe 2009-02-15 19:04:30 ----A---- C:\WINDOWS\notepad.original.exe 2009-02-15 19:04:28 ----D---- C:\Program Files\Notepad++ 2009-02-15 19:04:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Notepad++ 2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\TwnLib4.dll 2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXRA7.dll 2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXR7.dll 2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXpr7.dll 2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagX7.dll 2009-02-15 19:04:03 ----D---- C:\Program Files\Nero 2009-02-15 19:04:03 ----D---- C:\Documents and Settings\All Users\Application Data\Nero 2009-02-15 19:04:02 ----D---- C:\Program Files\Fichiers communs\Nero 2009-02-15 19:03:49 ----D---- C:\Program Files\MSECache 2009-02-15 19:03:42 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-02-15 19:03:42 ----RSD---- C:\WINDOWS\Fonts 2009-02-15 19:03:42 ----RD---- C:\WINDOWS\Web 2009-02-15 19:03:42 ----HD---- C:\WINDOWS\inf 2009-02-15 19:03:42 ----D---- C:\WINDOWS\WinSxS 2009-02-15 19:03:42 ----D---- C:\WINDOWS\twain_32 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Temp 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\wins 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\wbem 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\usmt 2009-02-15 19:03:42 
----D---- C:\WINDOWS\system32\spool 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ShellExt 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\Setup 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ras 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\PreInstall 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\oobe 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\npp 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\mui 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\Macromed 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\inetsrv 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\IME 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\icsxml 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ias 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\fr-fr 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\fr 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\export 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\drivers 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\dhcp 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\config 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\3com_dmi 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\3076 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\2052 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1054 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1042 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1041 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1037 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1036 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1033 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1031 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1028 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1025 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system 2009-02-15 19:03:42 ----D---- C:\WINDOWS\SoftwareDistribution 2009-02-15 19:03:42 ----D---- C:\WINDOWS\security 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Resources 2009-02-15 19:03:42 
----D---- C:\WINDOWS\repair 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Provisioning 2009-02-15 19:03:42 ----D---- C:\WINDOWS\PeerNet 2009-02-15 19:03:42 ----D---- C:\WINDOWS\pchealth 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Network Diagnostic 2009-02-15 19:03:42 ----D---- C:\WINDOWS\mui 2009-02-15 19:03:42 ----D---- C:\WINDOWS\msapps 2009-02-15 19:03:42 ----D---- C:\WINDOWS\msagent 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Media 2009-02-15 19:03:42 ----D---- C:\WINDOWS\L2Schemas 2009-02-15 19:03:42 ----D---- C:\WINDOWS\java 2009-02-15 19:03:42 ----D---- C:\WINDOWS\ime 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Help 2009-02-15 19:03:42 ----D---- C:\WINDOWS\ehome 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Driver Cache 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Debug 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Cursors 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Connection Wizard 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Config 2009-02-15 19:03:42 ----D---- C:\WINDOWS\AppPatch 2009-02-15 19:03:42 ----D---- C:\WINDOWS\addins 2009-02-15 19:03:42 ----D---- C:\WINDOWS 2009-02-15 18:54:31 ----D---- C:\Program Files\Microsoft Works 2009-02-15 18:54:00 ----D---- C:\Program Files\Microsoft Visual Studio 2009-02-15 18:54:00 ----D---- C:\Program Files\Fichiers communs\DESIGNER 2009-02-15 18:53:30 ----D---- C:\Program Files\Microsoft.NET 2009-02-15 18:51:07 ----SD---- C:\WINDOWS\system32\Microsoft 2009-02-15 18:50:16 ----D---- C:\WINDOWS\SHELLNEW 2009-02-15 18:49:31 ----D---- C:\Program Files\Microsoft Office 2009-02-15 18:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-02-15 18:49:04 ----RHD---- C:\MSOCache 2009-02-15 18:47:56 ----D---- C:\Program Files\Mozilla Thunderbird 2009-02-15 18:47:33 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla 2009-02-15 18:47:28 ----D---- C:\Program Files\Mozilla Firefox 2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\javaws.exe 2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\javaw.exe 
2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\java.exe 2009-02-15 18:46:42 ----D---- C:\Program Files\Java 2009-02-15 18:46:40 ----D---- C:\Program Files\Fichiers communs\Java 2009-02-15 18:46:34 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun 2009-02-15 18:44:55 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft 2009-02-15 18:44:55 ----ASH---- C:\Documents and Settings\Administrateur\Application Data\desktop.ini 2009-02-15 18:42:08 ----A---- C:\WINDOWS\system32\cmdow.exe 2009-02-15 18:39:46 ----D---- C:\WINDOWS\system32\URTTemp 2009-02-15 18:39:01 ----RSD---- C:\WINDOWS\assembly 2009-02-15 18:39:01 ----D---- C:\WINDOWS\Microsoft.NET 2009-02-15 18:38:47 ----A---- C:\WINDOWS\control.ini 2009-02-15 18:38:47 ----A---- C:\AUTOEXEC.BAT 2009-02-15 18:38:30 ----A---- C:\WINDOWS\OEWABLog.txt 2009-02-15 18:38:24 ----D---- C:\Program Files\Microsoft Silverlight 2009-02-15 18:38:24 ----A---- C:\WINDOWS\system32\mapi32.dll 2009-02-15 18:37:04 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-02-15 18:36:56 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-02-15 18:36:47 ----HD---- C:\Program Files\WindowsUpdate 2009-02-15 18:36:41 ----D---- C:\Program Files\Services en ligne 2009-02-15 18:36:20 ----D---- C:\WINDOWS\system32\DirectX 2009-02-15 18:36:10 ----A---- C:\WINDOWS\system32\atrace.dll 2009-02-15 18:36:08 ----A---- C:\WINDOWS\system32\desktop.ini 2009-02-15 18:36:07 ----A---- C:\WINDOWS\desktop.ini 2009-02-15 18:36:01 ----A---- C:\WINDOWS\system32\nmevtmsg.dll 2009-02-15 18:36:00 ----A---- C:\WINDOWS\system32\acctres.dll 2009-02-15 18:35:59 ----D---- C:\Program Files\Fichiers communs\Services 2009-02-15 18:35:56 ----SD---- C:\WINDOWS\Tasks 2009-02-15 18:35:56 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2009-02-15 18:35:55 ----D---- C:\Program Files\Fichiers communs\MSSoap 2009-02-15 18:35:51 ----D---- C:\WINDOWS\srchasst 2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-02-15 18:35:48 
----A---- C:\WINDOWS\system32\wucltui.dll 2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuauserv.dll 2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wups.dll 2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wuaueng.dll.wusetup.685515.bak 2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt.exe.wusetup.685390.bak 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt.exe 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx4.dll 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2009-02-15 18:35:45 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2009-02-15 18:35:45 ----A---- C:\WINDOWS\system32\qmgr.dll 2009-02-15 18:35:40 ----D---- C:\Program Files\Movie Maker 2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrslv.dll 2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrdm.dll 2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrcdlg.dll 2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\racpldlg.dll 2009-02-15 18:35:14 ----A---- C:\WINDOWS\system32\fltMc.exe 2009-02-15 18:35:14 ----A---- C:\WINDOWS\system32\fltlib.dll 2009-02-15 18:35:13 ----D---- C:\WINDOWS\system32\Restore 2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srsvc.dll 2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srrstr.dll 2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srclient.dll 2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\nmmkcert.dll 2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe 2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\mnmdd.dll 2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\isrdbg32.dll 2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\ils.dll 2009-02-15 18:35:11 ----A---- C:\WINDOWS\system32\msconf.dll 2009-02-15 
18:35:07 ----D---- C:\Program Files\NetMeeting 2009-02-15 18:35:07 ----A---- C:\WINDOWS\system32\msoert2.dll 2009-02-15 18:35:07 ----A---- C:\WINDOWS\system32\msoeacct.dll 2009-02-15 18:35:05 ----A---- C:\WINDOWS\system32\inetres.dll 2009-02-15 18:35:04 ----A---- C:\WINDOWS\system32\inetcomm.dll 2009-02-15 18:35:02 ----D---- C:\Program Files\Outlook Express 2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\schedsvc.dll 2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\mstinit.exe 2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\mstask.dll 2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\isign32.dll 2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\inetcfg.dll 2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\icwphbk.dll 2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\icwdial.dll 2009-02-15 18:34:54 ----D---- C:\Program Files\Fichiers communs\System 2009-02-15 18:33:50 ----D---- C:\Program Files\ComPlus Applications 2009-02-15 18:33:47 ----A---- C:\WINDOWS\vbaddin.ini 2009-02-15 18:33:47 ----A---- C:\WINDOWS\vb.ini 2009-02-15 18:33:39 ----D---- C:\WINDOWS\Registration 2009-02-15 18:33:13 ----D---- C:\Program Files\Windows Media Connect 2 2009-02-15 18:33:12 ----D---- C:\Program Files\Windows Media Player 2009-02-15 18:33:02 ----A---- C:\WINDOWS\system32\wrap_oal.dll 2009-02-15 18:33:01 ----A---- C:\WINDOWS\system32\vb40032.dll 2009-02-15 18:33:00 ----A---- C:\WINDOWS\system32\ssleay32.dll 2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\openal32.dll 2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcr71.dll 2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcr70.dll 2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcp71.dll 2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msvcp70.dll 2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msvci70.dll 2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msstkprp.dll 2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msstdfmt.dll 2009-02-15 18:32:55 ----A---- C:\WINDOWS\system32\mfc71u.dll 2009-02-15 18:32:55 
----A---- C:\WINDOWS\system32\mfc71.dll 2009-02-15 18:32:54 ----A---- C:\WINDOWS\system32\mfc70u.dll 2009-02-15 18:32:54 ----A---- C:\WINDOWS\system32\mfc70.dll 2009-02-15 18:32:53 ----A---- C:\WINDOWS\system32\libssl32.dll 2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libmmd.dll 2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libintl3.dll 2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libiconv2.dll 2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\zlib1.dll 2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\libeay32.dll 2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\cygwinb19.dll 2009-02-15 18:32:50 ----A---- C:\WINDOWS\system32\cygwin1.dll 2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\autoitx3.dll 2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\atl71.dll 2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\atl70.dll 2009-02-15 18:32:01 ----RD---- C:\WINDOWS\Offline Web Pages 2009-02-15 18:32:01 ----A---- C:\WINDOWS\system32\winfxdocobj.exe 2009-02-15 18:32:00 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-02-15 18:31:59 ----D---- C:\WINDOWS\wbem 2009-02-15 18:31:59 ----A---- C:\WINDOWS\system32\msfeedssync.exe 2009-02-15 18:31:59 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2009-02-15 18:31:57 ----A---- C:\WINDOWS\system32\ieframe.dll.mui 2009-02-15 18:31:55 ----A---- C:\WINDOWS\system32\advpack.dll.mui 2009-02-15 18:31:53 ----D---- C:\Program Files\Internet Explorer 2009-02-15 18:31:50 ----D---- C:\Program Files\MSN Gaming Zone 2009-02-15 18:31:50 ----A---- C:\WINDOWS\system32\write.exe 2009-02-15 18:31:40 ----A---- C:\WINDOWS\system32\sndvol32.exe 2009-02-15 18:31:40 ----A---- C:\WINDOWS\system32\hticons.dll 2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\winchat.exe 2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avwav.dll 2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avtapi.dll 2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avmeter.dll 2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\getuname.dll 2009-02-15 18:31:32 ----A---- 
C:\WINDOWS\system32\charmap.exe 2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\calc.exe 2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\winmine.exe 2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\sol.exe 2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\mshearts.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tslabels.ini 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tskill.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tscon.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\shadow.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\rwinsta.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\reset.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\regini.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\freecell.exe 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\qwinsta.exe 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\qappsrv.exe 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\msg.exe 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\logoff.exe 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\cdmodem.dll 2009-02-15 18:31:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\sndrec32.exe 2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\mplay32.exe 2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\hypertrm.dll 2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\accwiz.exe 2009-02-15 18:31:20 ----D---- C:\Program Files\Windows NT 2009-02-15 18:31:20 ----A---- C:\WINDOWS\system32\mspaint.exe 2009-02-15 18:31:19 ----A---- C:\WINDOWS\system32\spider.exe 2009-02-15 18:31:19 ----A---- C:\WINDOWS\system32\clipbrd.exe 2009-02-15 18:31:18 ----A---- C:\WINDOWS\system32\tsgqec.dll 
2009-02-15 18:31:18 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\aaclient.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\sessmgr.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-02-15 18:31:15 ----D---- C:\WINDOWS\system32\MsDtc 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\termsrv.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-02-15 18:31:12 ----D---- C:\WINDOWS\system32\Com 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\stclient.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-02-15 18:31:12 ----A---- 
C:\WINDOWS\system32\comaddin.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\colbact.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comuid.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-02-15 18:31:10 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-02-15 18:31:04 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\cmprops.dll ======List of files/folders modified in the last 1 months====== 2009-02-15 19:22:11 ----A---- C:\WINDOWS\system.ini 2009-02-15 19:07:53 ----A---- C:\WINDOWS\system32\msxml3r.dll 2009-02-15 18:38:44 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-06-25 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-06-25 14720] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-15 226832] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [] R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-06-25 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616] R3 CmBatt;Pilote d'adaptateur secteur 
Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2006-08-15 1287296] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-06-25 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-06-25 10368] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-06-25 61824] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-06-25 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2915ABG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-04-29 288896] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-06-25 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; 
C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-25 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-06-25 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192] R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 
[2007-10-11 122880] -----------------EOF-----------------
  12. So, after plugging in the 2 USB keys I had used: yes, I had an autorun.inf on one of them, which I got rid of, and winjpg.jpg on both. What is that thing? In any case I zapped it! What do you recommend as an antivirus? Should I put kap 7 back?
  13. Yes, I have just plugged the network back in; until now I was transferring all the logs by USB key from another machine... How can I disinfect it? Oddly, the new machine, freshly formatted and equipped with AMB and Kasp 2009 eval, did not notice anything... Do you think it is already infected? (It doesn't look like it.) I applied the regedit command and it seems to have gone through. On the other hand, the 2 "sc delete" commands don't seem to have gone through. Edit: after a reboot everything seems to be fine! Thanks a lot! Now I need to clean the NC10; even after the restore I am convinced it is infected...
  14. So there is just the winjpg.jpg error at startup; otherwise things seem to be getting better! For the NC10, despite all my scans and rescans and ComboFix, nothing works; it really does need a custom script. So I launched a restore to the initial state to see whether that removes it, and also to take advantage of the free virus scan for 3 months.
  15. Okay, in any case that's really nice of you! RSIT report:

      Logfile of random's system information tool 1.05 (written by random/random)
      Run by Administrateur at 2009-02-15 22:27:32
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 19 GB (15%) free of 130 GB
      Total RAM: 2047 MB (67% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:27:38, on 15/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16414)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\RealVNC\VNC4\WinVNC4.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
      C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\trend micro\Administrateur.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
      O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
      O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
      O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
      O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
      O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
      O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
      O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
      O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
      O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211729988828
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
      O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - 
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. 
- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 9266 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll [2007-03-19 398912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}] FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0124123D-61B4-456f-AF86-78C53A0790C5} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-18 1185264] "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-18 1961576] "RemoteControl"=C:\Program 
Files\CyberLink\PowerDVD\PDVDServ.exe [2006-12-06 69216] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-02 13680640] "nwiz"=nwiz.exe /install [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-02 86016] "QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "CTFMON"=C:\WINDOWS\system32\wscript.exe [2008-04-13 155648] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592] "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672] "Orb"=C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe [2008-04-01 507904] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184] "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-01-09 3321856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2008-11-11 218376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2007-04-02 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] 
"authentication packages"=msv1_0 relog_ap [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3" "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32" "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb 
Networks\Orb\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide" "C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "D:\far cry 2\bin\FarCry2.exe"="D:\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2" "D:\far cry 2\bin\FC2Launcher.exe"="D:\far cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater" "D:\far cry 2\bin\FC2Editor.exe"="D:\far cry 2\bin\FC2Editor.exe:*:Enabled:Editeur" "D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club" "D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV" "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War " "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War " "C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program 
Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf05ed0f-f9f0-11dd-baaa-001bfca3cfa9}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}] shell\AutoRun\command - H:\InstallTomTomHOME.exe ======List of files/folders created in the last 1 months====== 2009-02-15 21:53:13 ----A---- C:\ComboFix.txt 2009-02-15 21:36:24 ----D---- C:\WINDOWS\temp 2009-02-15 20:51:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-15 20:43:56 ----D---- C:\Qoobox 2009-02-15 19:33:56 ----A---- C:\WINDOWS\ntbtlog.txt 2009-02-15 17:57:55 ----SHD---- C:\#GDATA.Trash.Store# 2009-02-15 17:48:40 ----SHD---- C:\Config.Msi 2009-02-15 17:23:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR 2009-02-15 17:13:12 ----D---- C:\WINDOWS\ERUNT 2009-02-15 15:48:45 ----D---- C:\Documents and Settings\All Users\Application 
Data\G DATA 2009-02-15 15:48:44 ----D---- C:\Program Files\G DATA 2009-02-15 15:48:44 ----D---- C:\Program Files\Fichiers communs\G DATA 2009-02-15 14:40:07 ----D---- C:\VundoFix Backups 2009-02-15 14:40:07 ----A---- C:\VundoFix.txt 2009-02-15 12:38:11 ----D---- C:\rsit 2009-02-15 12:38:11 ----D---- C:\Program Files\trend micro 2009-02-15 12:29:48 ----A---- C:\Boot.bak 2009-02-15 12:29:38 ----RASHD---- C:\cmdcons 2009-02-15 12:28:29 ----A---- C:\WINDOWS\zip.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\VFIND.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWSC.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWREG.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\sed.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\NIRCMD.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\grep.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\fdsv.exe 2009-02-15 12:27:07 ----D---- C:\WINDOWS\ERDNT 2009-02-11 19:11:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU 2009-02-11 19:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2009-02-11 19:10:54 ----D---- C:\Program Files\Fichiers communs\AVSMedia 2009-02-11 19:10:54 ----D---- C:\Program Files\AVS4YOU 2009-02-05 18:51:16 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts 2009-02-03 19:37:15 ----D---- C:\Program Files\EA Games 2009-01-18 13:07:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss 2009-01-17 16:00:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\TuneAid 2009-01-17 16:00:10 ----D---- C:\Program Files\DigiDNA ======List of files/folders modified in the last 1 months====== 2009-02-15 22:21:21 ----D---- C:\WINDOWS\Prefetch 2009-02-15 21:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2009-02-15 21:57:20 ----D---- C:\WINDOWS 2009-02-15 21:54:56 ----SHD---- C:\WINDOWS\Installer 2009-02-15 21:54:43 ----HD---- C:\WINDOWS\inf 2009-02-15 
21:54:43 ----D---- C:\WINDOWS\system32\drivers 2009-02-15 21:54:26 ----D---- C:\WINDOWS\system32 2009-02-15 21:52:10 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-15 21:48:33 ----A---- C:\WINDOWS\system.ini 2009-02-15 21:47:45 ----SHD---- C:\WINDOWS\CSC 2009-02-15 21:47:34 ----D---- C:\Program Files\SuperCopier2 2009-02-15 21:46:37 ----D---- C:\WINDOWS\system32\config 2009-02-15 21:46:03 ----D---- C:\WINDOWS\AppPatch 2009-02-15 21:46:03 ----D---- C:\Program Files\Fichiers communs 2009-02-15 21:45:25 ----D---- C:\WINDOWS\system32\Restore 2009-02-15 21:44:55 ----SHD---- C:\System Volume Information 2009-02-15 18:03:24 ----D---- C:\Program Files\Kaspersky Lab 2009-02-15 17:36:36 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-02-15 17:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-15 17:15:32 ----D---- C:\WINDOWS\system32\dllcache 2009-02-15 16:50:44 ----D---- C:\Program Files\Mozilla Firefox 2009-02-15 16:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-02-15 16:16:39 ----D---- C:\Program Files\eMule 2009-02-15 15:48:44 ----RD---- C:\Program Files 2009-02-15 15:24:24 ----A---- C:\WINDOWS\NeroDigital.ini 2009-02-15 14:41:42 ----D---- C:\WINDOWS\Minidump 2009-02-15 14:41:42 ----D---- C:\WINDOWS\Debug 2009-02-15 12:29:48 ----RASH---- C:\boot.ini 2009-02-15 11:53:44 ----D---- C:\Downloads 2009-02-11 19:46:36 ----D---- C:\DVDVideoSoft 2009-02-11 18:45:16 ----D---- C:\Temp 2009-02-11 18:11:44 ----D---- C:\Program Files\BitComet 2009-02-07 15:06:23 ----A---- C:\WINDOWS\avisplitter.INI 2009-02-04 18:52:46 ----D---- C:\Program Files\WinSCP 2009-02-03 19:37:15 ----D---- C:\WINDOWS\system32\DirectX 2009-02-03 19:37:07 ----RSD---- C:\WINDOWS\assembly 2009-01-18 13:06:56 ----D---- C:\WINDOWS\WinSxS 2009-01-17 18:41:39 ----D---- C:\Program Files\Fichiers communs\DVDVideoSoft 2009-01-17 18:39:01 ----D---- C:\Program Files\DVDVideoSoft ======List of drivers 
(R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664] R1 FNETDEVI;FNETDEVI; \??\C:\WINDOWS\system32\drivers\FNETDEVI.SYS [] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-10-27 227344] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [] R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877] R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-24 39264] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 34944] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-04-02 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys 
[2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-02 6209536] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-24 47360] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-02-24 10368] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128] S3 adbjglnc;adbjglnc; C:\WINDOWS\system32\drivers\adbjglnc.sys [] S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PsSdk31;PsSdk31; \??\C:\WINDOWS\system32\Drivers\pssdk31.drv [] S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.drv [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000] S3 usbprint;Classe d'imprimantes USB Microsoft; 
C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-04-02 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-04-02 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp [] S4 Sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-21 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-02 163908] R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 
clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-25 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF-----------------