Aller au contenu

Zouco

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    12

  • Inscription

  • Dernière visite

Profile Information

  • Sexe
    Male
  • Localisation
    Belgique

Autres informations

  • Mes langues
    français anglais

Zouco's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. Zouco
    Bonjour, Ok je fait tout ça ce soir ou demain. Encore merci ton aide et félicitation pour ce site.
  2. Zouco
    Bonsoir, Désolé de ne pas avoir répondu plus tôt, la journée à été longue. Depuis le dernier passage de CF il n'y a plus eu d'apparition de fenêtre publicitaire. voici le rapport de malwarebytes. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Version de la base de données: 5499 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 10/01/2011 22:48:41 mbam-log-2011-01-10 (22-48-41).txt Type d'examen: Examen rapide Elément(s) analysé(s): 173253 Temps écoulé: 7 minute(s), 20 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Rien n'a été détecté. pouvons nous conclure que le problème est résolu? qu'est-ce qui a pu contaminer la machine. Cordialement Zouco
  3. Zouco
    Bonsoir, Je n'ai pas réussi à lancé aucun des deux scanner online. Pour EST scan j'ai le même message et bitdefender IE plante. Voila le rapport ComboFix. Des fichiers ont encore été supprimés. Au démarrage CF a demandé si je voulais faire une mise à jour, par précaution j'ai répondu non. le Rapport. ComboFix 11-01-08.04 - Daniel 09/01/2011 19:05:14.4.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1317 [GMT 1:00] Lancé depuis: d:\documents and settings\Daniel\Bureau\ComboFix.exe Commutateurs utilisés :: d:\documents and settings\Daniel\Bureau\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} FILE :: "c:\windows\system32\Ionic.Zip.Reduced.dll" "c:\windows\system32\Utils.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Installer c:\program files\Installer\Ionic.Zip.Reduced.dll c:\program files\Installer\lnetworker.exe c:\program files\Installer\networker.exe c:\program files\Installer\Utils.dll c:\windows\BackupIP c:\windows\BackupIP\Ionic.Zip.Reduced.dll c:\windows\BackupIP\pref_updater.exe c:\windows\BackupIP\service.exe c:\windows\BackupIP\Utils.dll c:\windows\system32\Ionic.Zip.Reduced.dll c:\windows\system32\Utils.dll . --------------- FCopy --------------- c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\TCPIP.SYS c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\TCPIP.SYS . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_sdmBackupIP -------\Legacy_sdmBackupIP -------\Service_sdmBackupIP -------\Service_sdmBackupIP ((((((((((((((((((((((((((((( Fichiers créés du 2010-12-09 au 2011-01-09 )))))))))))))))))))))))))))))))))))) . 2011-01-09 17:41 . 2010-11-10 04:33 6273872 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9C5E8A4-144E-419D-B86D-ACC0D750450D}\mpengine.dll 2011-01-08 11:11 . 2011-01-08 11:26 -------- d-----w- C:\Ad-Remover 2011-01-06 02:00 . 2011-01-06 02:00 -------- d-sh--w- d:\documents and settings\Default User\IETldCache 2011-01-03 15:20 . 2011-01-03 15:20 -------- d-----w- d:\documents and settings\Mathias\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 2010-12-26 14:02 . 2010-12-26 14:02 -------- d-----w- d:\documents and settings\Mathias\Local Settings\Application Data\networker 2010-12-26 13:42 . 2010-12-26 13:42 -------- d-----w- d:\documents and settings\Daniel\Application Data\OMP 2010-12-26 13:42 . 2010-12-26 13:42 -------- d-----w- d:\documents and settings\All Users\Application Data\OMP 2010-12-26 13:41 . 2010-12-26 13:41 -------- d-----w- c:\program files\BanqueManager 2010-12-26 10:44 . 2010-12-26 13:31 -------- d-----w- d:\documents and settings\All Users\Application Data\O.2.C. Marketing 2010-12-26 10:44 . 2010-12-26 13:31 -------- d-----w- d:\documents and settings\Daniel\Local Settings\Application Data\WDSetup 2010-12-26 10:36 . 2010-12-26 10:36 -------- d-----w- d:\documents and settings\Daniel\Application Data\OpenOffice.org 2010-12-26 10:34 . 2010-12-26 10:34 -------- d-----w- c:\program files\JRE 2010-12-26 10:33 . 2010-12-26 10:34 -------- d-----w- c:\program files\OpenOffice.org 3 2010-12-25 17:44 . 2010-12-25 17:44 -------- d-----w- d:\documents and settings\Daniel\Local Settings\Application Data\networker 2010-12-25 17:43 . 2010-12-25 17:43 -------- d-----w- d:\documents and settings\Daniel\Local Settings\Application Data\assembly 2010-12-25 17:41 . 2010-12-25 17:41 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\assembly 2010-12-25 17:41 . 2010-12-25 17:41 -------- d-----w- d:\documents and settings\Mathias\Local Settings\Application Data\assembly 2010-12-25 11:31 . 2010-12-25 11:31 -------- d-----w- d:\documents and settings\Daniel\Local Settings\Application Data\Thunderbird 2010-12-25 11:31 . 2010-12-25 11:31 -------- d-----w- d:\documents and settings\Daniel\Application Data\Thunderbird 2010-12-25 11:31 . 2010-12-25 11:31 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-12-25 10:50 . 2010-12-25 10:50 -------- d-----w- d:\documents and settings\Daniel\.idlerc 2010-12-25 10:26 . 2010-12-25 10:26 -------- d-----w- c:\windows\Internet Logs 2010-12-15 09:53 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-15 09:52 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe 2010-12-15 08:31 . 2010-12-15 08:31 -------- d-----w- d:\documents and settings\Daniel\Local Settings\Application Data\jeuxob.fr 2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\program files\Fichiers communs\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-20 17:09 . 2008-12-28 23:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 17:08 . 2008-12-28 23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-18 18:12 . 2004-08-16 17:06 86016 ----a-w- c:\windows\system32\isign32.dll 2010-11-12 17:53 . 2010-11-28 13:49 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-12 15:34 . 2009-12-16 18:16 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-10 04:33 . 2010-05-18 17:35 6273872 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2010-11-06 00:21 . 2004-08-16 16:41 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:21 . 2004-08-16 16:40 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:21 . 2004-08-16 16:40 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:26 . 2004-08-16 16:40 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2004-08-16 16:40 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:14 . 2004-08-16 16:39 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 14:07 . 2004-08-16 16:41 1853440 ----a-w- c:\windows\system32\win32k.sys 2010-10-19 20:51 . 2010-05-16 13:21 222080 ------w- c:\windows\system32\MpSigStub.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Skype"="c:\apps\skype\Phone\Skype.exe" [2010-12-03 14944136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304] "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2008-12-28 90112] "SkyTel"="SkyTel.EXE" [2007-04-04 1822720] "skypeclient.exe"="c:\program files\Gigaset DECT\gigaset-m34-software\skypeclient.exe" [2005-08-18 622592] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936] "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952] "HerculesCamService"="c:\program files\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2007-02-26 102400] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552] "Agent BanqueManager"="c:\program files\BanqueManager\Bin\bmagent32.exe" [2010-11-15 4704256] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] d:\documents and settings\Mathias\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224] d:\documents and settings\Daniel\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224] d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] OFFICE One Notes v6.5.lnk.disabled [2006-2-20 805] Windows Search.lnk.disabled [2009-3-22 1700] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk] path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Accélérateur de démarrage AutoCAD.lnk backup=c:\windows\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2008-04-14 02:34 110592 ----a-w- c:\windows\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2006-05-16 10:58 86960 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2005-05-11 12:48 127118 ----a-w- c:\apps\Powercinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "BOOT"=c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\\AOL 9.0\\aol.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\apps\\skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "46939:UDP"= 46939:UDP:emule UDP R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17/06/2009 14:01 20744] R3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\drivers\HDvid.sys [09/03/2008 23:05 275072] R3 Atkcfg;Cordless Device Configuration;c:\windows\system32\drivers\atkcfg.sys [18/08/2005 07:30 46592] R3 camfilt;camfilt;c:\windows\system32\drivers\camfilt.sys [09/03/2008 23:05 24192] R3 Gig5gu;Cordless Internet Access;c:\windows\system32\drivers\gig5gu.sys [18/08/2005 07:32 55680] R3 Gigsrf;Cordless Device Line Access;c:\windows\system32\drivers\gigsrf.sys [18/08/2005 07:31 94592] R3 Gigtnc;Cordless PC Control;c:\windows\system32\drivers\gigtnc.sys [18/08/2005 07:31 45440] R3 siellif;siellif;c:\windows\system32\drivers\siellif.sys [01/03/2005 10:33 113408] R3 Sieupapp;Cordless Device Update;c:\windows\system32\drivers\sieupapp.sys [18/08/2005 07:28 32128] S2 ABBYY.Licensing.FineReader.Professional.9.0;Service de licence ABBYY FineReader 9.0;"c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service --> c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/05/2010 21:19 136176] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17/06/2009 14:02 29192] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17/06/2009 14:01 25480] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Sieupdfu;Cordless Device in update mode;c:\windows\system32\drivers\sieupdfu.sys [18/08/2005 07:29 32000] S3 USTOR;U-Storage Controller;c:\windows\system32\drivers\UStork.sys [20/02/2006 21:28 20218] S3 whmice2k;Fellowes Web Pro Optical mouse Upper Filter Driver;c:\windows\system32\drivers\whmice2k.sys [16/02/2007 20:27 5797] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contenu du dossier 'Tâches planifiées' 2011-01-09 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-10-03 09:47] 2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 20:18] 2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 20:18] 2011-01-08 c:\windows\Tasks\Important.job - c:\program files\DeltaCopy\Important.dcp [2009-12-15 15:55] 2011-01-09 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40] 2011-01-09 c:\windows\Tasks\User_Feed_Synchronization-{4DA6EFB8-16E5-4146-ACFA-75679A6A74BB}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] 2011-01-09 c:\windows\Tasks\User_Feed_Synchronization-{E768AF4F-5A65-45BE-B28D-9D887499861F}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.be/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_search_url = hxxp://www.google.fr mWindow Title = uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: apec.fr\www Trusted Zone: artevod.com\download Trusted Zone: artevod.com\www Trusted Zone: axa.be Trusted Zone: canalplay.com Trusted Zone: canalplusactive.com DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10815} - hxxp://www.flygimp.com/loadergimp_fr.cab DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} - hxxps://www.canalplay.com/cabs/msway44.cab FF - ProfilePath - d:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\7v9wn3gd.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613520&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - Ext: Dictionnaire français «Réforme 1990»: [email protected] - %profile%\extensions\[email protected] FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Cooliris: [email protected] - %profile%\extensions\[email protected] FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-installer - c:\program files\Installer\lnetworker.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-01-09 19:13 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(760) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1088) c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\windows\system32\Ati2evxx.exe c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe c:\apps\HIDSERVICE\HIDSERVICE.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe c:\apps\Powercinema\Kernel\TV\CLSched.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\WgaTray.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\program files\Gigaset DECT\gigaset-m34-software\appsvr.exe c:\windows\system32\rundll32.exe c:\apps\ABoard\AOSD.exe c:\apps\skype\Plugin Manager\skypePM.exe . ************************************************************************** . Heure de fin: 2011-01-09 19:18:15 - La machine a redémarré ComboFix-quarantined-files.txt 2011-01-09 18:18 ComboFix2.txt 2011-01-09 10:43 ComboFix3.txt 2008-12-29 12:36 Avant-CF: 6 054 473 728 octets libres Après-CF: 6 057 000 960 octets libres - - End Of File - - C210C21CC7FD7F1DF1011550AFA3835A
  4. Zouco
    Bonjour, Merci de me répondre un dimanche matin. ESET on line scan plante explorer. "En raison d’un module complémentaire malveillant ou présentant un dysfonctionnement, Internet Explorer a dû fermer cette page Web." Rapport Combofix ComboFix 11-01-08.04 - Daniel 09/01/2011 11:31:17.3.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1214 [GMT 1:00] Lancé depuis: d:\documents and settings\Daniel\Bureau\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Fonts\unins000.exe c:\windows\ntvvm.exe c:\windows\system32\Ijl11.dll c:\windows\system32\Thumbs.db c:\windows\Temp\tmp3.tmp c:\windows\wrloginpro.exe d:\documents and settings\Daniel\Mes documents\Readiris.DUS . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_npf ((((((((((((((((((((((((((((( Fichiers créés du 2010-12-09 au 2011-01-09 )))))))))))))))))))))))))))))))))))) . 2011-01-08 17:32 . 2010-11-10 04:33 6273872 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3CA3C4D2-0B56-4F96-A3B0-9F6FF44D7696}\mpengine.dll 2011-01-08 11:11 . 2011-01-08 11:26 -------- d-----w- C:\Ad-Remover 2011-01-06 02:00 . 2011-01-06 02:00 -------- d-sh--w- d:\documents and settings\Default User\IETldCache 2011-01-03 15:20 . 2011-01-03 15:20 -------- d-----w- d:\documents and settings\Mathias\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 2010-12-26 14:02 . 2010-12-26 14:02 -------- d-----w- d:\documents and settings\Mathias\Local Settings\Application Data\networker 2010-12-26 13:42 . 2010-12-26 13:42 -------- d-----w- d:\documents and settings\Daniel\Application Data\OMP 2010-12-26 13:42 . 2010-12-26 13:42 -------- d-----w- d:\documents and settings\All Users\Application Data\OMP 2010-12-26 13:41 . 2010-12-26 13:41 -------- d-----w- c:\program files\BanqueManager 2010-12-26 12:58 . 2010-12-26 12:58 -------- d-----w- c:\program files\Installer 2010-12-26 10:44 . 2010-12-26 13:31 -------- d-----w- d:\documents and settings\All Users\Application Data\O.2.C. Marketing 2010-12-26 10:44 . 2010-12-26 13:31 -------- d-----w- d:\documents and settings\Daniel\Local Settings\Application Data\WDSetup 2010-12-26 10:36 . 2010-12-26 10:36 -------- d-----w- d:\documents and settings\Daniel\Application Data\OpenOffice.org 2010-12-26 10:34 . 2010-12-26 10:34 -------- d-----w- c:\program files\JRE 2010-12-26 10:33 . 2010-12-26 10:34 -------- d-----w- c:\program files\OpenOffice.org 3 2010-12-25 17:44 . 2010-12-25 17:44 -------- d-----w- d:\documents and settings\Daniel\Local Settings\Application Data\networker 2010-12-25 17:43 . 2010-12-25 17:43 -------- d-----w- d:\documents and settings\Daniel\Local Settings\Application Data\assembly 2010-12-25 17:41 . 2010-12-25 17:41 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\assembly 2010-12-25 17:41 . 2010-12-25 17:41 -------- d-----w- d:\documents and settings\Mathias\Local Settings\Application Data\assembly 2010-12-25 17:38 . 2010-12-25 17:38 -------- d-----w- c:\windows\BackupIP 2010-12-25 17:38 . 2010-12-16 16:03 11264 ------w- c:\windows\system32\Utils.dll 2010-12-25 17:38 . 2010-01-20 23:58 197632 ------w- c:\windows\system32\Ionic.Zip.Reduced.dll 2010-12-25 11:31 . 2010-12-25 11:31 -------- d-----w- d:\documents and settings\Daniel\Local Settings\Application Data\Thunderbird 2010-12-25 11:31 . 2010-12-25 11:31 -------- d-----w- d:\documents and settings\Daniel\Application Data\Thunderbird 2010-12-25 11:31 . 2010-12-25 11:31 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-12-25 10:50 . 2010-12-25 10:50 -------- d-----w- d:\documents and settings\Daniel\.idlerc 2010-12-25 10:26 . 2010-12-25 10:26 -------- d-----w- c:\windows\Internet Logs 2010-12-15 09:53 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-15 09:52 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe 2010-12-15 08:31 . 2010-12-15 08:31 -------- d-----w- d:\documents and settings\Daniel\Local Settings\Application Data\jeuxob.fr 2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\program files\Fichiers communs\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-20 17:09 . 2008-12-28 23:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 17:08 . 2008-12-28 23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-18 18:12 . 2004-08-16 17:06 86016 ----a-w- c:\windows\system32\isign32.dll 2010-11-12 17:53 . 2010-11-28 13:49 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-12 15:34 . 2009-12-16 18:16 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-10 04:33 . 2010-05-18 17:35 6273872 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2010-11-06 00:21 . 2004-08-16 16:41 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:21 . 2004-08-16 16:40 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:21 . 2004-08-16 16:40 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:26 . 2004-08-16 16:40 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2004-08-16 16:40 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:14 . 2004-08-16 16:39 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 14:07 . 2004-08-16 16:41 1853440 ----a-w- c:\windows\system32\win32k.sys 2010-10-19 20:51 . 2010-05-16 13:21 222080 ------w- c:\windows\system32\MpSigStub.exe . ------- Sigcheck ------- [-] 2008-12-21 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS [-] 2008-12-21 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys [-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys [-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys [-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys [-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB913446$\tcpip.sys [7] 2004-08-05 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Skype"="c:\apps\skype\Phone\Skype.exe" [2010-12-03 14944136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304] "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2008-12-28 90112] "SkyTel"="SkyTel.EXE" [2007-04-04 1822720] "skypeclient.exe"="c:\program files\Gigaset DECT\gigaset-m34-software\skypeclient.exe" [2005-08-18 622592] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936] "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952] "HerculesCamService"="c:\program files\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2007-02-26 102400] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "installer"="c:\program files\Installer\lnetworker.exe" [2010-12-26 7168] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552] "Agent BanqueManager"="c:\program files\BanqueManager\Bin\bmagent32.exe" [2010-11-15 4704256] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] d:\documents and settings\Mathias\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224] d:\documents and settings\Daniel\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224] d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] OFFICE One Notes v6.5.lnk.disabled [2006-2-20 805] Windows Search.lnk.disabled [2009-3-22 1700] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk] path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Accélérateur de démarrage AutoCAD.lnk backup=c:\windows\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2008-04-14 02:34 110592 ----a-w- c:\windows\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2006-05-16 10:58 86960 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2005-05-11 12:48 127118 ----a-w- c:\apps\Powercinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "BOOT"=c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\\AOL 9.0\\aol.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\apps\\skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "46939:UDP"= 46939:UDP:emule UDP R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17/06/2009 14:01 20744] R2 sdmBackupIP;Backup IP Network;c:\windows\BackupIP\service.exe [25/12/2010 18:38 8192] R3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\drivers\HDvid.sys [09/03/2008 23:05 275072] R3 Atkcfg;Cordless Device Configuration;c:\windows\system32\drivers\atkcfg.sys [18/08/2005 07:30 46592] R3 camfilt;camfilt;c:\windows\system32\drivers\camfilt.sys [09/03/2008 23:05 24192] R3 Gig5gu;Cordless Internet Access;c:\windows\system32\drivers\gig5gu.sys [18/08/2005 07:32 55680] R3 Gigsrf;Cordless Device Line Access;c:\windows\system32\drivers\gigsrf.sys [18/08/2005 07:31 94592] R3 Gigtnc;Cordless PC Control;c:\windows\system32\drivers\gigtnc.sys [18/08/2005 07:31 45440] R3 siellif;siellif;c:\windows\system32\drivers\siellif.sys [01/03/2005 10:33 113408] R3 Sieupapp;Cordless Device Update;c:\windows\system32\drivers\sieupapp.sys [18/08/2005 07:28 32128] S2 ABBYY.Licensing.FineReader.Professional.9.0;Service de licence ABBYY FineReader 9.0;"c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service --> c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/05/2010 21:19 136176] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17/06/2009 14:02 29192] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17/06/2009 14:01 25480] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Sieupdfu;Cordless Device in update mode;c:\windows\system32\drivers\sieupdfu.sys [18/08/2005 07:29 32000] S3 USTOR;U-Storage Controller;c:\windows\system32\drivers\UStork.sys [20/02/2006 21:28 20218] S3 whmice2k;Fellowes Web Pro Optical mouse Upper Filter Driver;c:\windows\system32\drivers\whmice2k.sys [16/02/2007 20:27 5797] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contenu du dossier 'Tâches planifiées' 2011-01-09 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-10-03 09:47] 2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 20:18] 2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 20:18] 2011-01-08 c:\windows\Tasks\Important.job - c:\program files\DeltaCopy\Important.dcp [2009-12-15 15:55] 2011-01-09 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40] 2011-01-09 c:\windows\Tasks\User_Feed_Synchronization-{4DA6EFB8-16E5-4146-ACFA-75679A6A74BB}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] 2011-01-09 c:\windows\Tasks\User_Feed_Synchronization-{E768AF4F-5A65-45BE-B28D-9D887499861F}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.be/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_search_url = hxxp://www.google.fr mWindow Title = uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: apec.fr\www Trusted Zone: artevod.com\download Trusted Zone: artevod.com\www Trusted Zone: axa.be Trusted Zone: canalplay.com Trusted Zone: canalplusactive.com DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10815} - hxxp://www.flygimp.com/loadergimp_fr.cab DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} - hxxps://www.canalplay.com/cabs/msway44.cab FF - ProfilePath - d:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\7v9wn3gd.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613520&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - Ext: Dictionnaire français «Réforme 1990»: [email protected] - %profile%\extensions\[email protected] FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Cooliris: [email protected] - %profile%\extensions\[email protected] FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - user.js: yahoo.homepage.dontask - true . . ------- Associations de fichier ------- . .scr=AutoCADScriptFile . - - - - ORPHELINS SUPPRIMES - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-OoPDFSettingsv6 - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-01-09 11:39 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(760) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2188) c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\windows\system32\Ati2evxx.exe c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe c:\apps\HIDSERVICE\HIDSERVICE.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe c:\apps\Powercinema\Kernel\TV\CLSched.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\RTHDCPL.EXE c:\windows\system32\rundll32.exe c:\program files\Gigaset DECT\gigaset-m34-software\appsvr.exe c:\apps\ABoard\AOSD.exe c:\windows\system32\wscntfy.exe c:\apps\skype\Plugin Manager\skypePM.exe c:\windows\system32\WgaTray.exe . ************************************************************************** . Heure de fin: 2011-01-09 11:43:42 - La machine a redémarré ComboFix-quarantined-files.txt 2011-01-09 10:43 ComboFix2.txt 2008-12-29 12:36 Avant-CF: 6 158 950 400 octets libres Après-CF: 6 098 632 704 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect - - End Of File - - FB9929EEADA35062F0A08B539C2C2108 Qui a suprimé certains fichiers
  5. Zouco
    Bonjour, voici les rapports: 2011/01/08 18:11:22.0531 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2011/01/08 18:11:22.0531 ================================================================================ 2011/01/08 18:11:22.0531 SystemInfo: 2011/01/08 18:11:22.0531 2011/01/08 18:11:22.0531 OS Version: 5.1.2600 ServicePack: 3.0 2011/01/08 18:11:22.0531 Product type: Workstation 2011/01/08 18:11:22.0531 ComputerName: PackardBell 2011/01/08 18:11:22.0531 UserName: Daniel 2011/01/08 18:11:22.0531 Windows directory: C:\WINDOWS 2011/01/08 18:11:22.0531 System windows directory: C:\WINDOWS 2011/01/08 18:11:22.0531 Processor architecture: Intel x86 2011/01/08 18:11:22.0531 Number of processors: 2 2011/01/08 18:11:22.0531 Page size: 0x1000 2011/01/08 18:11:22.0531 Boot type: Normal boot 2011/01/08 18:11:22.0531 ================================================================================ 2011/01/08 18:11:22.0703 Initialize success 2011/01/08 18:11:26.0656 ================================================================================ 2011/01/08 18:11:26.0656 Scan started 2011/01/08 18:11:26.0656 Mode: Manual; 2011/01/08 18:11:26.0656 ================================================================================ 2011/01/08 18:11:27.0343 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/01/08 18:11:27.0375 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/01/08 18:11:27.0421 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/01/08 18:11:27.0468 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/01/08 18:11:27.0515 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/01/08 18:11:27.0562 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/01/08 18:11:27.0593 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/01/08 18:11:27.0609 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/01/08 18:11:27.0640 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/01/08 18:11:27.0671 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/01/08 18:11:27.0703 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/01/08 18:11:27.0750 akshasp (64fc197d24a2b240598f29ce0a6660c0) C:\WINDOWS\system32\DRIVERS\akshasp.sys 2011/01/08 18:11:27.0781 aksusb (cce6c56f18d214de8d66f3f2a774cd5b) C:\WINDOWS\system32\DRIVERS\aksusb.sys 2011/01/08 18:11:27.0828 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/01/08 18:11:27.0859 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/01/08 18:11:27.0875 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/01/08 18:11:27.0906 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/01/08 18:11:27.0953 APL531 (29c537d74694de38b07b8d0c37bc25c5) C:\WINDOWS\system32\Drivers\HDvid.sys 2011/01/08 18:11:28.0000 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/01/08 18:11:28.0046 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/01/08 18:11:28.0062 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/01/08 18:11:28.0093 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/01/08 18:11:28.0171 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/01/08 18:11:28.0203 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/01/08 18:11:28.0234 AtcL002 (cba10ed5a5981fe6122b6e7460df939b) C:\WINDOWS\system32\DRIVERS\l251x86.sys 2011/01/08 18:11:28.0390 ati2mtag (8763ede3e0cd40f5c3450571ac57f205) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/01/08 18:11:28.0453 Atkcfg (9160901ed75ac248da07bdbf2a3bfbbb) C:\WINDOWS\system32\Drivers\atkcfg.sys 2011/01/08 18:11:28.0500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/01/08 18:11:28.0546 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/01/08 18:11:28.0593 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/01/08 18:11:28.0750 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys 2011/01/08 18:11:28.0796 BtHidBus (ac2e61482a57ea50730f8c2679f37040) C:\WINDOWS\system32\Drivers\BtHidBus.sys 2011/01/08 18:11:28.0875 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys 2011/01/08 18:11:28.0906 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys 2011/01/08 18:11:28.0953 BTHPORT (ef26202fee56f7607c6b794059df347a) C:\WINDOWS\system32\Drivers\BTHport.sys 2011/01/08 18:11:29.0000 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys 2011/01/08 18:11:29.0031 btnetBUs (6783c5c81bfb640469468a80dfa1ccb3) C:\WINDOWS\system32\Drivers\btnetBus.sys 2011/01/08 18:11:29.0062 camfilt (e156c353fcbc05db5dee57be0592f2d4) C:\WINDOWS\system32\Drivers\camfilt.sys 2011/01/08 18:11:29.0109 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/01/08 18:11:29.0125 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/01/08 18:11:29.0171 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/01/08 18:11:29.0187 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/01/08 18:11:29.0265 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/01/08 18:11:29.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/01/08 18:11:29.0312 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/01/08 18:11:29.0406 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/01/08 18:11:29.0468 CnxTrLan (f663e84bd23b0746b5fea2c8c24ed98a) C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys 2011/01/08 18:11:29.0484 CnxTrUsb (329844e6e7e37e2bdbec716311759cf1) C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys 2011/01/08 18:11:29.0531 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/01/08 18:11:29.0593 CxLPT (33a28b28a4b10eb89fdb926226618a3b) C:\WINDOWS\system32\drivers\CxLPT.sys 2011/01/08 18:11:29.0625 CxUSB (31ebb611b45d802ecfcfabe3162fb47c) C:\WINDOWS\system32\DRIVERS\CxUSB.sys 2011/01/08 18:11:29.0656 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/01/08 18:11:29.0671 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/01/08 18:11:29.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/01/08 18:11:29.0781 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys 2011/01/08 18:11:29.0828 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys 2011/01/08 18:11:29.0875 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/01/08 18:11:29.0906 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/01/08 18:11:29.0953 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/01/08 18:11:29.0984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/01/08 18:11:30.0015 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/01/08 18:11:30.0078 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/01/08 18:11:30.0109 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/01/08 18:11:30.0140 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys 2011/01/08 18:11:30.0171 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/01/08 18:11:30.0203 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/01/08 18:11:30.0265 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 2011/01/08 18:11:30.0296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/01/08 18:11:30.0328 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/01/08 18:11:30.0390 Gig5gu (8b5f07c16640d0db38fe1324ac4c75e5) C:\WINDOWS\system32\Drivers\gig5gu.sys 2011/01/08 18:11:30.0406 Gigsrf (0cb635edff63f9997dc46d122a2dc41c) C:\WINDOWS\system32\Drivers\gigsrf.sys 2011/01/08 18:11:30.0437 Gigtnc (31643e7b50cef4025bef2829cee5bf68) C:\WINDOWS\system32\Drivers\gigtnc.sys 2011/01/08 18:11:30.0468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/01/08 18:11:30.0656 hardlock (a9d587e31dbee3e9bd97fefece0ba874) C:\WINDOWS\system32\drivers\hardlock.sys 2011/01/08 18:11:30.0937 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys 2011/01/08 18:11:30.0984 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/01/08 18:11:31.0031 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/01/08 18:11:31.0062 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/01/08 18:11:31.0109 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/01/08 18:11:31.0140 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/01/08 18:11:31.0171 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/01/08 18:11:31.0218 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/01/08 18:11:31.0250 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys 2011/01/08 18:11:31.0312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/01/08 18:11:31.0359 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/01/08 18:11:31.0500 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/01/08 18:11:31.0562 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/01/08 18:11:31.0578 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/01/08 18:11:31.0625 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/01/08 18:11:31.0671 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/01/08 18:11:31.0703 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/01/08 18:11:31.0734 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/01/08 18:11:31.0765 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/01/08 18:11:31.0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/01/08 18:11:31.0828 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/01/08 18:11:31.0859 IvtBtBUs (01cbb39001afda1152f3fce15ab646ea) C:\WINDOWS\system32\Drivers\IvtBtBus.sys 2011/01/08 18:11:31.0890 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/01/08 18:11:31.0906 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/01/08 18:11:31.0953 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/01/08 18:11:32.0000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/01/08 18:11:32.0125 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/01/08 18:11:32.0171 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys 2011/01/08 18:11:32.0203 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/01/08 18:11:32.0234 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/01/08 18:11:32.0296 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/01/08 18:11:32.0328 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 2011/01/08 18:11:32.0359 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/01/08 18:11:32.0390 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/01/08 18:11:32.0437 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/01/08 18:11:32.0484 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/01/08 18:11:32.0531 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/01/08 18:11:32.0562 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/01/08 18:11:32.0593 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/01/08 18:11:32.0640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/01/08 18:11:32.0671 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/01/08 18:11:32.0703 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 2011/01/08 18:11:32.0734 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/01/08 18:11:32.0765 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/01/08 18:11:32.0812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/01/08 18:11:32.0843 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/01/08 18:11:32.0875 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/01/08 18:11:32.0921 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/01/08 18:11:32.0937 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/01/08 18:11:32.0984 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/01/08 18:11:33.0015 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/01/08 18:11:33.0046 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/01/08 18:11:33.0109 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/01/08 18:11:33.0156 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/01/08 18:11:33.0203 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/01/08 18:11:33.0265 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/01/08 18:11:33.0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/01/08 18:11:33.0328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/01/08 18:11:33.0359 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/01/08 18:11:33.0390 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/01/08 18:11:33.0421 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/01/08 18:11:33.0468 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/01/08 18:11:33.0531 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/01/08 18:11:33.0609 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/01/08 18:11:33.0750 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/01/08 18:11:33.0765 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/01/08 18:11:33.0843 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/01/08 18:11:33.0875 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/01/08 18:11:33.0906 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/01/08 18:11:33.0953 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/01/08 18:11:33.0984 PxHelp20 (f3a3b00666a40c6914b7b2864f7dc1c0) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/01/08 18:11:34.0015 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/01/08 18:11:34.0046 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/01/08 18:11:34.0062 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/01/08 18:11:34.0093 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/01/08 18:11:34.0125 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/01/08 18:11:34.0140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/01/08 18:11:34.0203 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/01/08 18:11:34.0250 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/01/08 18:11:34.0265 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/01/08 18:11:34.0312 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/01/08 18:11:34.0328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/01/08 18:11:34.0390 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/01/08 18:11:34.0421 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/01/08 18:11:34.0468 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/01/08 18:11:34.0515 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 2011/01/08 18:11:34.0546 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 2011/01/08 18:11:34.0656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/01/08 18:11:34.0718 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/01/08 18:11:34.0750 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/01/08 18:11:34.0796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/01/08 18:11:34.0875 siellif (a684ce1204c1375479b2eeb0ff85b774) C:\WINDOWS\system32\Drivers\siellif.sys 2011/01/08 18:11:34.0906 Sieupapp (5cb63cdb83856085da3e6b753c5a0e61) C:\WINDOWS\system32\Drivers\Sieupapp.sys 2011/01/08 18:11:34.0937 Sieupdfu (c4ab793be3aaecb424e3bc40a5d23288) C:\WINDOWS\system32\Drivers\Sieupdfu.sys 2011/01/08 18:11:35.0015 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/01/08 18:11:35.0046 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/01/08 18:11:35.0093 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/01/08 18:11:35.0109 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/01/08 18:11:35.0156 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/01/08 18:11:35.0203 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/01/08 18:11:35.0265 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/01/08 18:11:35.0281 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/01/08 18:11:35.0328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/01/08 18:11:35.0390 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/01/08 18:11:35.0406 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/01/08 18:11:35.0437 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/01/08 18:11:35.0468 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/01/08 18:11:35.0500 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/01/08 18:11:35.0578 Tcpip (a29e1209f925a0e9b330e11da5fc7bab) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/01/08 18:11:35.0625 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/01/08 18:11:35.0656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/01/08 18:11:35.0687 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/01/08 18:11:35.0734 TosIde (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/01/08 18:11:35.0796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/01/08 18:11:35.0828 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/01/08 18:11:35.0875 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/01/08 18:11:35.0937 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/01/08 18:11:35.0968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/01/08 18:11:35.0984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/01/08 18:11:36.0015 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/01/08 18:11:36.0046 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/01/08 18:11:36.0078 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/01/08 18:11:36.0109 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/01/08 18:11:36.0140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/01/08 18:11:36.0156 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/01/08 18:11:36.0218 USTOR (15fbb30078f795f60803b1244b211c2d) C:\WINDOWS\system32\DRIVERS\UStork.sys 2011/01/08 18:11:36.0296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/01/08 18:11:36.0343 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/01/08 18:11:36.0375 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/01/08 18:11:36.0406 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/01/08 18:11:36.0468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/01/08 18:11:36.0500 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 2011/01/08 18:11:36.0562 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/01/08 18:11:36.0609 whmice2k (9f0e3db41c9e9472a00648096c76b5b7) C:\WINDOWS\system32\DRIVERS\whmice2k.sys 2011/01/08 18:11:36.0671 WmBEnum (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys 2011/01/08 18:11:36.0718 WmFilter (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys 2011/01/08 18:11:36.0781 WmVirHid (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys 2011/01/08 18:11:36.0812 WmXlCore (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys 2011/01/08 18:11:36.0875 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/01/08 18:11:36.0937 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/01/08 18:11:37.0203 ================================================================================ 2011/01/08 18:11:37.0203 Scan finished 2011/01/08 18:11:37.0203 ================================================================================ 2011/01/08 18:12:28.0875 Deinitialize success GooredFix by jpshortstuff (03.07.10.1) Log created at 18:14 on 08/01/2011 (Daniel) Firefox version 3.6.13 (fr) ========== GooredScan ========== ========== GooredLog ========== C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} [21:47 24/09/2007] {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [21:37 02/01/2009] {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [18:16 16/12/2009] {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [10:33 26/12/2010] {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [13:49 28/11/2010] {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [13:25 26/12/2010] D:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\7v9wn3gd.default\extensions\ [email protected] [10:23 07/02/2010] [email protected] [07:34 19/06/2010] [email protected] [07:34 19/06/2010] {20a82645-c095-46ed-80e3-08825760534b} [08:05 01/05/2010] {E2883E8F-472F-4fb0-9522-AC9BF37916A7} [07:23 20/09/2009] [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:06 22/03/2009] "[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:16 16/12/2009] -=E.O.F=- Results of screen317's Security Check version 0.99.8 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Microsoft Security Essentials Microsoft Security Essentials successfully updated! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java 6 Update 23 Java 6 Update 20 Out of date Java installed! Adobe Flash Player 10.1.102.64 Adobe Reader 9.4.1 - Français Out of date Adobe Reader installed! Mozilla Firefox (3.6.13) Mozilla Thunderbird (3.1.7) ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Microsoft Security Essentials msseces.exe ``````````End of Log```````````` Il n'y a pas de changement ds le comportement de la machine. mais comme l'apparition des fenêtre est aléatoire cela ne vaut rien dire.
  6. Zouco
    Bonjour, Depuis quelques jours, des fenêtres Firefox intempestives apparaissent sur mon écran, même lorsque Firefox ne tourne pas. j'ai fait des scans avec l'antivirus microsoft, spybbot et malwarebytes qui n'ont rien trouvé. si quelqu'un peut me donner un conseil, d'avance merci.
  7. Zouco

    Winupgro

    Zouco a répondu à un(e) sujet de Zouco dans Analyses et éradication malwares

    Bonjour, Toute cette histoire!!! ça m'apprendra à vouloir faire le malin Sur tes conseils, Je me suis inscrit sur Malware-complaints. Merci encore No.PPP
  8. Zouco

    Winupgro

    Zouco a répondu à un(e) sujet de Zouco dans Analyses et éradication malwares

    Bonsoir Voici le Log de Kaspersky. ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Friday, January 02, 2009 8:33:26 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600) Kaspersky On-line Scanner version : 5.0.84.2 Dernière mise à jour de la base antivirus Kaspersky : 2/01/2009 Enregistrements dans la base antivirus Kaspersky : 1386078 ------------------------------------------------------------------------------- Paramètres d'analyse: Analyser avec la base antivirus suivante: standard Analyser les archives: vrai Analyser les bases de messagerie: vrai Cible de l'analyse - Poste de travail: A:\ C:\ D:\ E:\ F:\ Statistiques de l'analyse: Total d'objets analysés: 123696 Nombre de virus trouvés: 0 Nombre d'objets infectés: 0 / 0 Nombre d'objets suspects: 0 Durée de l'analyse: 01:59:59 Nom de l'objet infecté / Nom du virus / Dernière action C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\fwdbglog.txt L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\fwpktlog.txt L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\IAMDB.RDB L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\PackardBell.ldb L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\tvDebug.log L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\etc\Hosts.bak L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\fidbox.dat L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\fidbox.idx L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_7a4.dat L'objet est verrouillé ignoré C:\WINDOWS\Temp\ZLT013e3.TMP L'objet est verrouillé ignoré C:\WINDOWS\Temp\ZLT063b9.TMP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré D:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp L'objet est verrouillé ignoré D:\Documents and Settings\All Users\DRM\drmstore.hds L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\call256.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\callmember256.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\chat512.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\chatmember256.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\chatmsg1024.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\chatmsg256.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\chatmsg512.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\contactgroup256.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\dyncontent\bundle.dat L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\index2.dat L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\main.lock L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\profile256.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\user1024.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\user256.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\voicemail256.dbb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\SPAMfighter\Logs\Agent.log.txt L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\SPAMfighter\Logs\sfoe0001.log.txt L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Application Data\user60.rdb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Cookies\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Local Settings\Historique\History.IE5\MSHist012009010220090103\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Local Settings\temp\~DFCD33.tmp L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\NTUSER.DAT L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\ntuser.dat.LOG L'objet est verrouillé ignoré D:\Documents and Settings\Daniel\UserData\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré D:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré D:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré D:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré D:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré D:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\change.log L'objet est verrouillé ignoré Analyse terminée. That's all Falk Merci encore pour ton aide No PPP En faite qu'est ce que ça veut dire No.PPP?
  9. Zouco

    Winupgro

    Zouco a répondu à un(e) sujet de Zouco dans Analyses et éradication malwares

    Ca y est j'ai résolue mes problème de connexion internet. En fait en voulant re-installer zone alarme (qui ne marchait toujours pas) j'ai du arrêter manuellement le service "TrueVector". Suite à ça j'ai récupérer ma connexion et pu installer Zone Alarme. Voila si ça peu aider certain!!! Petite question au passage, puis-avoir confiance en zone alarme est il fiable? quelqu'un pourrait-il me conseiller un spyware? Merci
  10. Zouco

    Winupgro

    Zouco a répondu à un(e) sujet de Zouco dans Analyses et éradication malwares

    Hello Le log de toolbarSD -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz ) BIOS : BIOS Date: 08/01/07 09:47:33 Ver: 08.00.10 USER : Daniel ( Administrator ) BOOT : Fail-safe boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated) Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:29 Go (Free:13 Go) D:\ (Local Disk) - NTFS - Total:195 Go (Free:182 Go) E:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 01/01/2009|15:47 ) -----------\\ SUPPRESSION Supprime! - C:\Program Files\AskSBar\SrchAstt Supprime! - C:\Program Files\Dealio\kb127 Supprime! - C:\Program Files\Mozilla Firefox\extensions\[email protected] Supprime! - C:\Program Files\Search Settings\kb127 Supprime! - C:\Program Files\Search Settings\SearchSettings.exe Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll Supprime! - C:\Program Files\AskSBar Supprime! - C:\Program Files\Dealio Supprime! - C:\Program Files\Search Settings -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.google.be/" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. D:\DOCUME~1\Daniel\Recent\KEYGEN.lnk 1 - "C:\ToolBar SD\TB_1.txt" - 01/01/2009|10:55 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 01/01/2009|15:50 - Option : [2] -----------\\ Fin du rapport a 15:50:18,07 Par contre la réparation de la liaison internet n'a rien solutioné. Ce qui est étrange c'est que je n'ai pas de soucis avec Skype par contre j'ai le même problème avec MSN
  11. Zouco

    Winupgro

    Zouco a répondu à un(e) sujet de Zouco dans Analyses et éradication malwares

    Bonjour, et bonne année! primo le rapport ComboFix: ComboFix 08-12-28.01 - Daniel 2008-12-29 0:05:35.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1650 [GMT 1:00] Lancé depuis: d:\documents and settings\Daniel\Bureau\dan.exe.exe FW: ZoneAlarm Firewall *disabled* * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Windows Media Player\WMPNSCFG.exe c:\windows\system32\ban_list.txt c:\windows\system32\mdelk.exe c:\windows\system32\wintems.exe d:\documents and settings\Daniel\Application Data\drivers\downld d:\documents and settings\Daniel\Application Data\drivers\downld\101218.exe d:\documents and settings\Daniel\Application Data\drivers\downld\102078.exe d:\documents and settings\Daniel\Application Data\drivers\downld\111578.exe d:\documents and settings\Daniel\Application Data\drivers\downld\114890.exe d:\documents and settings\Daniel\Application Data\drivers\downld\115109.exe d:\documents and settings\Daniel\Application Data\drivers\downld\123062.exe d:\documents and settings\Daniel\Application Data\drivers\downld\124250.exe d:\documents and settings\Daniel\Application Data\drivers\downld\124296.exe d:\documents and settings\Daniel\Application Data\drivers\downld\124500.exe d:\documents and settings\Daniel\Application Data\drivers\downld\124906.exe d:\documents and settings\Daniel\Application Data\drivers\downld\125171.exe d:\documents and settings\Daniel\Application Data\drivers\downld\200250.exe d:\documents and settings\Daniel\Application Data\drivers\downld\244984.exe d:\documents and settings\Daniel\Application Data\drivers\downld\262937.exe d:\documents and settings\Daniel\Application Data\drivers\downld\263437.exe d:\documents and settings\Daniel\Application Data\drivers\downld\263515.exe d:\documents and settings\Daniel\Application Data\drivers\downld\276328.exe d:\documents and settings\Daniel\Application Data\drivers\downld\277031.exe d:\documents and settings\Daniel\Application Data\drivers\downld\277078.exe d:\documents and settings\Daniel\Application Data\drivers\downld\277343.exe d:\documents and settings\Daniel\Application Data\drivers\downld\284765.exe d:\documents and settings\Daniel\Application Data\drivers\downld\285296.exe d:\documents and settings\Daniel\Application Data\drivers\downld\286062.exe d:\documents and settings\Daniel\Application Data\drivers\downld\290296.exe d:\documents and settings\Daniel\Application Data\drivers\downld\291578.exe d:\documents and settings\Daniel\Application Data\drivers\downld\291609.exe d:\documents and settings\Daniel\Application Data\drivers\downld\292109.exe d:\documents and settings\Daniel\Application Data\drivers\downld\292812.exe d:\documents and settings\Daniel\Application Data\drivers\downld\294625.exe d:\documents and settings\Daniel\Application Data\drivers\downld\297609.exe d:\documents and settings\Daniel\Application Data\drivers\downld\303921.exe d:\documents and settings\Daniel\Application Data\drivers\downld\316250.exe d:\documents and settings\Daniel\Application Data\drivers\downld\316609.exe d:\documents and settings\Daniel\Application Data\drivers\downld\317250.exe d:\documents and settings\Daniel\Application Data\drivers\downld\321890.exe d:\documents and settings\Daniel\Application Data\drivers\downld\322843.exe d:\documents and settings\Daniel\Application Data\drivers\downld\323671.exe d:\documents and settings\Daniel\Application Data\drivers\downld\324296.exe d:\documents and settings\Daniel\Application Data\drivers\downld\327578.exe d:\documents and settings\Daniel\Application Data\drivers\downld\333359.exe d:\documents and settings\Daniel\Application Data\drivers\downld\333890.exe d:\documents and settings\Daniel\Application Data\drivers\downld\334343.exe d:\documents and settings\Daniel\Application Data\drivers\downld\338937.exe d:\documents and settings\Daniel\Application Data\drivers\downld\339421.exe d:\documents and settings\Daniel\Application Data\drivers\downld\339718.exe d:\documents and settings\Daniel\Application Data\drivers\downld\349984.exe d:\documents and settings\Daniel\Application Data\drivers\downld\356515.exe d:\documents and settings\Daniel\Application Data\drivers\downld\359828.exe d:\documents and settings\Daniel\Application Data\drivers\downld\360453.exe d:\documents and settings\Daniel\Application Data\drivers\downld\361328.exe d:\documents and settings\Daniel\Application Data\drivers\downld\370468.exe d:\documents and settings\Daniel\Application Data\drivers\downld\370984.exe d:\documents and settings\Daniel\Application Data\drivers\downld\371375.exe d:\documents and settings\Daniel\Application Data\drivers\downld\78593.exe d:\documents and settings\Daniel\Application Data\drivers\downld\86968.exe d:\documents and settings\Daniel\Application Data\drivers\downld\87031.exe d:\documents and settings\Daniel\Application Data\drivers\downld\91234.exe d:\documents and settings\Daniel\Application Data\drivers\downld\93734.exe d:\documents and settings\Daniel\Application Data\drivers\downld\94875.exe d:\documents and settings\Daniel\Application Data\drivers\downld\98218.exe d:\documents and settings\Daniel\Application Data\drivers\downld\98296.exe d:\documents and settings\Daniel\Application Data\drivers\downld\99500.exe d:\documents and settings\Daniel\Application Data\drivers\downld\99546.exe d:\documents and settings\Daniel\Application Data\drivers\srosa.sys d:\documents and settings\Daniel\Application Data\drivers\srosa2.sys d:\documents and settings\Daniel\Application Data\drivers\winupgro.exe d:\documents and settings\Daniel\Application Data\m d:\documents and settings\Daniel\Application Data\m\data.oct d:\documents and settings\Daniel\Application Data\m\flec006.exe d:\documents and settings\Daniel\Application Data\m\list.oct d:\documents and settings\Daniel\Application Data\m\shared\0.zip d:\documents and settings\Daniel\Application Data\m\shared\2_Nokia - SlovoEd.v1_0_CRACK.zip d:\documents and settings\Daniel\Application Data\m\shared\A4Desk Music Player 2.07.zip d:\documents and settings\Daniel\Application Data\m\shared\Accomplice Portable 1.2.3.zip d:\documents and settings\Daniel\Application Data\m\shared\Adobe Photoshop Elements 7.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Ali Landry 22 Screensaver 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Amazon.com Search 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\AoA DVD COPY 2.8.5.zip d:\documents and settings\Daniel\Application Data\m\shared\Aplus FLV to MOV Converter 5.48.zip d:\documents and settings\Daniel\Application Data\m\shared\Applet FloatingMenu Builder 2005 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\AR Soft RAM Disk 1.20.zip d:\documents and settings\Daniel\Application Data\m\shared\Around the Cooler 1.0.0.0.zip d:\documents and settings\Daniel\Application Data\m\shared\ASP huge file upload 2.1.zip d:\documents and settings\Daniel\Application Data\m\shared\Avast!.v4.1.7.Pda.(Antivirus).zip d:\documents and settings\Daniel\Application Data\m\shared\B-Calm Privacy 1.2.19.zip d:\documents and settings\Daniel\Application Data\m\shared\Babya Presenter Standard 3.0.zip d:\documents and settings\Daniel\Application Data\m\shared\BHOList 1.5.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Buddy2Buddy 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\BusinessMail Email Server + Anti Spam System 4.70.00.zip d:\documents and settings\Daniel\Application Data\m\shared\BVCommerce 2004 Credit Card Processors 3.8.1.zip d:\documents and settings\Daniel\Application Data\m\shared\CATVids Import Utility 4.0.zip d:\documents and settings\Daniel\Application Data\m\shared\CD to WMA MP3 Ripper 1.60.zip d:\documents and settings\Daniel\Application Data\m\shared\Check Disk and Format Disk Component 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Christina Applegate Screensaver2.zip d:\documents and settings\Daniel\Application Data\m\shared\Colors of the Nature Screensaver 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\CompuApps DriveEraser 1.19.zip d:\documents and settings\Daniel\Application Data\m\shared\CopyFighter 3.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Courier Mail Server 2.06.zip d:\documents and settings\Daniel\Application Data\m\shared\Cubic Inch Converter .a.zip d:\documents and settings\Daniel\Application Data\m\shared\DialupMon 1.4.2.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Digital Audio CD Burner 7.4.0.10.zip d:\documents and settings\Daniel\Application Data\m\shared\DIGITAL ROC Professional 2.1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Disk Performance Analyzer for Networks 1.0.1051a.zip d:\documents and settings\Daniel\Application Data\m\shared\drweb.for.windows.4.33.keyfile.rev.zip d:\documents and settings\Daniel\Application Data\m\shared\Duplicate File Finder Pro 1.10.zip d:\documents and settings\Daniel\Application Data\m\shared\DVD To WAV Converter 1.02.zip d:\documents and settings\Daniel\Application Data\m\shared\Earthquake.zip d:\documents and settings\Daniel\Application Data\m\shared\Easy Group Mail Subscriber 2.06.zip d:\documents and settings\Daniel\Application Data\m\shared\Email Spider Standard Edition 1.01.zip d:\documents and settings\Daniel\Application Data\m\shared\EmotiConverter 0.9.9.3.zip d:\documents and settings\Daniel\Application Data\m\shared\EMS Data Import for Oracle 3.1.0.7.zip d:\documents and settings\Daniel\Application Data\m\shared\Fast Messages 1.21.zip d:\documents and settings\Daniel\Application Data\m\shared\Favorites to HTML Pro 2.2.15.zip d:\documents and settings\Daniel\Application Data\m\shared\FeedMU 1.5.54.0.zip d:\documents and settings\Daniel\Application Data\m\shared\FictionSoftware EasyShutDown 1.0.2.zip d:\documents and settings\Daniel\Application Data\m\shared\File Compare XP 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\foo adpcm 0.7.zip d:\documents and settings\Daniel\Application Data\m\shared\FreezeX Standard 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\FTPHoover 2.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Fuzzy System Component 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Gradient Screensaver 3.0.zip d:\documents and settings\Daniel\Application Data\m\shared\GSDictionary 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Haali Media Splitter 1.7.401.3.zip d:\documents and settings\Daniel\Application Data\m\shared\Home Video Converter Pro 4.7.5.299.zip d:\documents and settings\Daniel\Application Data\m\shared\Human Pictcha 1.0.5.zip d:\documents and settings\Daniel\Application Data\m\shared\Image Recognition Web Test Plugin 4.301.zip d:\documents and settings\Daniel\Application Data\m\shared\Incrediback Backup 2.25.zip d:\documents and settings\Daniel\Application Data\m\shared\InstantRecovery Personal Edition 4.1.zip d:\documents and settings\Daniel\Application Data\m\shared\ITS Password Generator 1.0.2.zip d:\documents and settings\Daniel\Application Data\m\shared\JoyMouse 2.4.2.zip d:\documents and settings\Daniel\Application Data\m\shared\JPEG Optimizer 3.15.zip d:\documents and settings\Daniel\Application Data\m\shared\Listen Later 1.2.0.zip d:\documents and settings\Daniel\Application Data\m\shared\ListMemoriser 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\LsT 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Marine Life 3D Screensaver 1.1.zip d:\documents and settings\Daniel\Application Data\m\shared\Meda MP3ToWav 1.0.1.zip d:\documents and settings\Daniel\Application Data\m\shared\MediaDoctor 2.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Mortgage Rescision Prequal. Software 1.0.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Mp3 Organizer Pro 3.0.zip d:\documents and settings\Daniel\Application Data\m\shared\myAlbum2 2.1.2.32767.zip d:\documents and settings\Daniel\Application Data\m\shared\Mydoom.A Remover 3.5.1.11.zip d:\documents and settings\Daniel\Application Data\m\shared\Navigatore Satellitare Tomtom Citymaps Nokia.zip d:\documents and settings\Daniel\Application Data\m\shared\Nebula 2 1.1.zip d:\documents and settings\Daniel\Application Data\m\shared\NOD32_AntiVirus_v2.000.6.zip d:\documents and settings\Daniel\Application Data\m\shared\Norton Partition Magic 8.05 + Norton Boot Magic 8 - ita+serial - 2004 - by_mikyerosy.zip d:\documents and settings\Daniel\Application Data\m\shared\NTFSCHK 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\NuvaRing Reminder 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\PDF417 ActiveX Control 1.3.zip d:\documents and settings\Daniel\Application Data\m\shared\PerfConsole 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\PfiOO 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Pixel Circle 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Portable Junction Link Magic 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Postscript to Text Converter SDK Server License 2.0.zip d:\documents and settings\Daniel\Application Data\m\shared\PpSpeak 2.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Primatte Chromakey 3.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Pro-Care Spine Saver 1.0.0.zip d:\documents and settings\Daniel\Application Data\m\shared\ProjectHand 1.2.zip d:\documents and settings\Daniel\Application Data\m\shared\PwdDoubleCheck (Passwords) 1.0.1.zip d:\documents and settings\Daniel\Application Data\m\shared\QueryToDoc 3.6.zip d:\documents and settings\Daniel\Application Data\m\shared\[email protected] d:\documents and settings\Daniel\Application Data\m\shared\Rain Wonder Demo Screensaver 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Real2MSN 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Repedo One Free 3.3.6.zip d:\documents and settings\Daniel\Application Data\m\shared\Research Word 1.3.4.zip d:\documents and settings\Daniel\Application Data\m\shared\Retail Screensaver 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\RH CPUinfo 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\SABnzbd 0.4.4.zip d:\documents and settings\Daniel\Application Data\m\shared\Samplist's CD Player 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Samurai App 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Say What 1.1.8.zip d:\documents and settings\Daniel\Application Data\m\shared\ScrollBar Skiner 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Serials.Number.&.Generator.&.Cracks.-.Keygen.-.Symantec.Norton.Ghost.Serial.#.Creater.zip d:\documents and settings\Daniel\Application Data\m\shared\Shape Calculator 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Shareware Name Analyzer 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\ShortStuff 0.1.1.2.zip d:\documents and settings\Daniel\Application Data\m\shared\Signaling Analysis and Visualization 2.5.zip d:\documents and settings\Daniel\Application Data\m\shared\Sinai Screens 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Speed-O-Meter 4.1.zip d:\documents and settings\Daniel\Application Data\m\shared\SplitMovie 2.0.0.2.zip d:\documents and settings\Daniel\Application Data\m\shared\Standard Logistics Icons 2008.1.zip d:\documents and settings\Daniel\Application Data\m\shared\SurfSecret Privacy Protector 7.5.zip d:\documents and settings\Daniel\Application Data\m\shared\Symantec.Norton.Ghost.10.2006.bootable.deutsch.german.SN.BMTG-FCDJ-JBDH-QTHY-RD28-BCPD.zip d:\documents and settings\Daniel\Application Data\m\shared\System Monitor 1.5.zip d:\documents and settings\Daniel\Application Data\m\shared\TaskCapture 1.02.zip d:\documents and settings\Daniel\Application Data\m\shared\The Mystic Eye Tarot Calculator 1.2.zip d:\documents and settings\Daniel\Application Data\m\shared\Tick Tracer 1.0.0.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Urdu Dictionary 0.6.zip d:\documents and settings\Daniel\Application Data\m\shared\Video Card Stability Test 1.0.0.3 Build 80416.zip d:\documents and settings\Daniel\Application Data\m\shared\VideoResizer 1.1.zip d:\documents and settings\Daniel\Application Data\m\shared\View From Space Screensaver.zip d:\documents and settings\Daniel\Application Data\m\shared\vitaero (SkypeHeadset) 1.4.zip d:\documents and settings\Daniel\Application Data\m\shared\Web-candy Digital Clock 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\Web Response Grabber Standard 2.5.zip d:\documents and settings\Daniel\Application Data\m\shared\WGAL 7.09.04.zip d:\documents and settings\Daniel\Application Data\m\shared\WinSmit 2.0.1.zip d:\documents and settings\Daniel\Application Data\m\shared\xWords 1.0.zip d:\documents and settings\Daniel\Application Data\m\shared\YMulti Messenger 8.x.zip d:\documents and settings\Daniel\Application Data\m\shared\ZapMessenger 1.0.0.zip d:\documents and settings\Daniel\Application Data\m\srvlist.oct . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SROSA -------\Legacy_SROSA -------\Legacy_SK9OU0S -------\Service_sK9Ou0s ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 )))))))))))))))))))))))))))))))))))) . 2008-12-28 23:31 . 2008-11-06 02:03 <REP> d-------- C:\SDFix 2008-12-28 18:03 . 2008-12-29 00:06 <REP> d--h----- d:\documents and settings\Daniel\Application Data\drivers 2008-12-28 17:18 . 2008-12-29 00:03 <REP> d-------- d:\documents and settings\Daniel\Application Data\DNA 2008-12-28 17:18 . 2008-12-28 19:22 <REP> d-------- d:\documents and settings\Daniel\Application Data\BitTorrent 2008-12-28 17:18 . 2008-12-29 00:10 <REP> d-------- c:\program files\DNA 2008-12-28 17:18 . 2008-12-28 17:18 <REP> d-------- c:\program files\BitTorrent 2008-12-21 21:07 . 2008-12-21 21:07 361,600 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL 2008-12-17 19:20 . 2008-12-17 19:20 <REP> d-------- d:\documents and settings\Daniel\Application Data\SPAMfighter 2008-12-17 19:19 . 2008-12-29 00:09 <REP> d-------- c:\program files\SPAMfighter 2008-12-17 19:19 . 2008-12-17 19:19 <REP> d-------- c:\program files\Fichiers communs\Application 2008-12-10 22:45 . 2008-12-10 22:45 <REP> d-------- d:\documents and settings\Daniel\Application Data\Uniblue 2008-12-10 20:14 . 2008-12-10 20:14 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-05 22:58 . 2004-08-16 18:55 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage réseau 2008-12-05 22:58 . 2004-08-16 18:55 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage d'impression 2008-12-05 22:58 . 2005-12-14 23:14 <REP> d--h----- d:\documents and settings\Administrateur\Modèles 2008-12-05 22:58 . 2005-12-14 15:19 <REP> dr------- d:\documents and settings\Administrateur\Mes documents 2008-12-05 22:58 . 2005-12-14 23:14 <REP> dr------- d:\documents and settings\Administrateur\Menu Démarrer 2008-12-05 22:58 . 2005-12-14 15:19 <REP> dr------- d:\documents and settings\Administrateur\Favoris 2008-12-05 22:58 . 2005-12-13 09:33 <REP> dr------- d:\documents and settings\Administrateur\Bureau 2008-12-05 22:58 . 2005-12-14 23:14 <REP> d-------- d:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver 2008-12-05 22:58 . 2005-12-13 09:25 <REP> d-------- d:\documents and settings\Administrateur\Application Data\Symantec 2008-12-05 22:58 . 2008-01-20 13:03 <REP> d-------- d:\documents and settings\Administrateur\Application Data\Apple Computer 2008-12-05 22:58 . 2008-12-05 22:58 <REP> d-------- d:\documents and settings\Administrateur 2008-12-05 21:15 . 2008-12-05 21:15 <REP> d-------- c:\program files\CCleaner 2008-12-05 11:58 . 2008-12-28 18:26 4,362,272 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-05 11:58 . 2008-12-28 18:26 55,328 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-05 11:54 . 2008-12-05 11:54 <REP> d-------- d:\documents and settings\All Users\Application Data\MailFrontier 2008-12-05 11:54 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe 2008-12-05 11:54 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll 2008-12-05 11:54 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll 2008-12-05 11:54 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll 2008-12-05 11:54 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll 2008-12-05 11:54 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll 2008-12-05 11:54 . 2008-12-05 11:57 4,212 ---h----- c:\windows\system32\zllictbl.dat 2008-12-05 11:53 . 2008-12-28 21:09 <REP> d-------- c:\windows\system32\ZoneLabs 2008-12-05 11:53 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll 2008-12-05 11:53 . 2008-12-28 12:17 358,382 --a------ c:\windows\system32\vsconfig.xml 2008-12-05 10:35 . 2008-12-28 18:04 <REP> d-------- c:\windows\Internet Logs 2008-12-05 10:35 . 2008-12-05 10:35 <REP> d-------- c:\program files\Zone Labs 2008-12-01 23:52 . 2008-12-29 00:03 <REP> d-------- d:\documents and settings\Daniel\Application Data\skypePM 2008-12-01 23:52 . 2008-12-01 23:52 <REP> d-------- c:\program files\Fichiers communs\Skype 2008-12-01 23:52 . 2008-12-01 23:52 56 --ah----- c:\windows\system32\ezsidmv.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-28 22:49 --------- d-----w d:\documents and settings\Daniel\Application Data\Skype 2008-12-28 16:54 --------- d-----w c:\program files\eMule 2008-12-28 11:29 242,736 ----a-w d:\documents and settings\Daniel\Application Data\GDIPFONTCACHEV1.DAT 2008-12-21 20:07 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS 2008-12-10 19:14 --------- d-----w c:\program files\Java 2008-12-06 15:10 --------- d-----w c:\program files\AskSBar 2008-12-06 10:39 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-12-06 00:12 --------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-05 23:44 --------- d-----w c:\program files\Alwil Software 2008-12-05 10:40 --------- d-----w d:\documents and settings\All Users\Application Data\VadeRetro 2008-12-05 10:40 --------- d-----w c:\program files\Goto Software 2008-12-05 10:14 --------- d-----w d:\documents and settings\Daniel\Application Data\Comodo 2008-11-14 09:55 --------- d-----w c:\program files\Fichiers communs\Adobe 2008-08-30 21:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-06-29 66912] [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-06-29 17:06 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "Skype"="c:\apps\skype\Phone\Skype.exe" [2008-11-07 21633320] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-28 342848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-12-28 919016] "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2008-12-28 90112] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-13 180269] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-12-09 325768] "skypeclient.exe"="c:\program files\Gigaset DECT\gigaset-m34-software\skypeclient.exe" [2005-08-18 622592] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-05-16 86960] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936] "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "HerculesCamService"="c:\program files\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2007-02-26 102400] "BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-12-28 81000] "ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576] "OoPDFSettingsv6.exe"="c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 460800] "SkyTel"="SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] d:\documents and settings\Mathias\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224] d:\documents and settings\Daniel\Menu D‚marrer\Programmes\D‚marrage\ OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864] RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224] d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acc‚l‚rateur de d‚marrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-03-05 10872] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] OFFICE One Notes v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2006-02-20 559104] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm "msvideo"= CxCap.drv "msvideo1"= CxCap.drv "msvideo2"= CxCap.drv "msvideo3"= CxCap.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\\AOL 9.0\\aol.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\apps\\skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "46939:UDP"= 46939:UDP:emule UDP R2 ABBYY.Licensing.FineReader.Professional.9.0;Service de licence ABBYY FineReader 9.0;"c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service [2007-09-24 566560] R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-12-09 184968] R3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\Drivers\HDvid.sys [2008-03-09 275072] R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-12-25 29696] R3 Atkcfg;Cordless Device Configuration;c:\windows\system32\Drivers\atkcfg.sys [2005-08-18 46592] R3 camfilt;camfilt;c:\windows\system32\Drivers\camfilt.sys [2008-03-09 24192] R3 Gig5gu;Cordless Internet Access;c:\windows\system32\Drivers\gig5gu.sys [2005-08-18 55680] R3 Gigsrf;Cordless Device Line Access;c:\windows\system32\Drivers\gigsrf.sys [2005-08-18 94592] R3 Gigtnc;Cordless PC Control;c:\windows\system32\Drivers\gigtnc.sys [2005-08-18 45440] R3 siellif;siellif;c:\windows\system32\Drivers\siellif.sys [2005-03-01 113408] R3 Sieupapp;Cordless Device Update;c:\windows\system32\Drivers\Sieupapp.sys [2005-08-18 32128] S1 aswSP;avast! Self Protection; [] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [] S3 Sieupdfu;Cordless Device in update mode;c:\windows\system32\Drivers\Sieupdfu.sys [2005-08-18 32000] S3 USTOR;U-Storage Controller;c:\windows\system32\DRIVERS\UStork.sys [2006-02-20 20218] S3 whmice2k;Fellowes Web Pro Optical mouse Upper Filter Driver;c:\windows\system32\DRIVERS\whmice2k.sys [2007-02-16 5797] . Contenu du dossier 'Tâches planifiées' 2007-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2008-12-28 c:\windows\Tasks\User_Feed_Synchronization-{E768AF4F-5A65-45BE-B28D-9D887499861F}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 11:58] 2008-12-28 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-WMPNSCFG - c:\program files\Windows Media Player\WMPNSCFG.exe HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe HKLM-Run-UStorag - c:\program files\u-storage tool2.9\ustorage.exe HKLM-Run-AzMixerSel - c:\program files\Realtek\InstallShield\AzMixerSel.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.be/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: *.canalplay.com Trusted Zone: *.canalplusactive.com O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd c:\windows\Downloaded Program Files\msway.dll - O16 -: {E1AF091A-9F23-4059-89D7-C05EE073285D} hxxps://www.canalplay.com/cabs/msway44.cab c:\windows\Downloaded Program Files\msway.inf FF - ProfilePath - d:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\7v9wn3gd.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p= FF - plugin: c:\program files\Fichiers communs\fluxDVD\APIX\NPAPIX.dll FF - plugin: c:\program files\Fichiers communs\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll FF - plugin: c:\program files\Fichiers communs\mpDRM\NPMPDRM.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-29 00:09:47 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(812) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe c:\apps\HIDSERVICE\HidService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe c:\apps\Powercinema\Kernel\TV\CLSched.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Gigaset DECT\gigaset-m34-software\appsvr.exe c:\apps\ABOARD\AOSD.EXE c:\windows\system32\msiexec.exe c:\program files\OFFICE One6.5\program\soffice.exe c:\apps\skype\Plugin Manager\skypePM.exe . ************************************************************************** . Heure de fin: 2008-12-29 0:14:38 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-28 23:14:35 Avant-CF: 5,501,235,200 octets libres Après-CF: 5,189,898,240 octets libres 478 --- E O F --- 2008-12-17 21:40:13 Puis Malwarebytes. Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1563 Windows 5.1.2600 Service Pack 3 29/12/2008 01:05:16 mbam-log-2008-12-29 (01-05-16).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 177768 Temps écoulé: 32 minute(s), 53 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 4 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 12 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP17\A0004239.sys (Worm.Bagel) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP18\A0004358.sys (Worm.Bagel) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP18\A0004388.sys (Worm.Bagel) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP18\A0004421.sys (Worm.Bagel) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0004473.sys (Worm.Bagel) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0004524.sys (Worm.Bagel) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP20\A0004579.sys (Worm.Bagel) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP20\A0004856.sys (Worm.Bagel) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP20\A0004890.sys (Worm.Bagel) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP20\A0004925.sys (Worm.Bagel) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21\A0005031.sys (Worm.Bagel) -> Quarantined and deleted successfully. D:\Téléchargement internet\emule\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully. Puis comme je n'avais toujours pas d'accées à Zone Alarme et à avast, j'ai relancé ComboFix. ComboFix 08-12-28.03 - Daniel 2008-12-29 13:34:02.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1463 [GMT 1:00] Lancé depuis: d:\documents and settings\Daniel\Bureau\tralala.exe.exe * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 )))))))))))))))))))))))))))))))))))) . 2008-12-29 10:44 . 2008-12-29 10:44 <REP> d-------- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-12-29 08:50 . 2008-12-29 08:50 <REP> d-------- d:\documents and settings\Administrateur\Application Data\Malwarebytes 2008-12-29 08:45 . 2008-12-29 08:45 47,614 --a------ C:\log-kapersky.html 2008-12-29 01:23 . 2008-12-29 01:23 <REP> d-------- c:\windows\system32\Kaspersky Lab 2008-12-29 01:09 . 2008-12-29 01:09 <REP> d-------- C:\dan.exe 2008-12-29 00:23 . 2008-12-29 00:23 <REP> d-------- d:\documents and settings\Daniel\Application Data\Malwarebytes 2008-12-29 00:23 . 2008-12-29 00:23 <REP> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-29 00:23 . 2008-12-29 00:23 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-29 00:23 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-29 00:23 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-28 18:03 . 2008-12-29 13:18 <REP> d--h----- d:\documents and settings\Daniel\Application Data\drivers 2008-12-28 17:18 . 2008-12-29 13:24 <REP> d-------- d:\documents and settings\Daniel\Application Data\DNA 2008-12-28 17:18 . 2008-12-28 19:22 <REP> d-------- d:\documents and settings\Daniel\Application Data\BitTorrent 2008-12-28 17:18 . 2008-12-29 13:27 <REP> d-------- c:\program files\DNA 2008-12-28 17:18 . 2008-12-28 17:18 <REP> d-------- c:\program files\BitTorrent 2008-12-21 21:07 . 2008-12-21 21:07 361,600 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL 2008-12-17 19:20 . 2008-12-17 19:20 <REP> d-------- d:\documents and settings\Daniel\Application Data\SPAMfighter 2008-12-17 19:19 . 2008-12-29 13:28 <REP> d-------- c:\program files\SPAMfighter 2008-12-17 19:19 . 2008-12-17 19:19 <REP> d-------- c:\program files\Fichiers communs\Application 2008-12-10 22:45 . 2008-12-10 22:45 <REP> d-------- d:\documents and settings\Daniel\Application Data\Uniblue 2008-12-10 20:14 . 2008-12-10 20:14 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-05 22:58 . 2004-08-16 18:55 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage réseau 2008-12-05 22:58 . 2004-08-16 18:55 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage d'impression 2008-12-05 22:58 . 2005-12-14 23:14 <REP> d--h----- d:\documents and settings\Administrateur\Modèles 2008-12-05 22:58 . 2005-12-14 15:19 <REP> dr------- d:\documents and settings\Administrateur\Mes documents 2008-12-05 22:58 . 2005-12-14 23:14 <REP> dr------- d:\documents and settings\Administrateur\Menu Démarrer 2008-12-05 22:58 . 2005-12-14 15:19 <REP> dr------- d:\documents and settings\Administrateur\Favoris 2008-12-05 22:58 . 2008-12-29 10:49 <REP> dr------- d:\documents and settings\Administrateur\Bureau 2008-12-05 22:58 . 2005-12-14 23:14 <REP> d-------- d:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver 2008-12-05 22:58 . 2005-12-13 09:25 <REP> d-------- d:\documents and settings\Administrateur\Application Data\Symantec 2008-12-05 22:58 . 2008-01-20 13:03 <REP> d-------- d:\documents and settings\Administrateur\Application Data\Apple Computer 2008-12-05 22:58 . 2008-12-05 22:58 <REP> d-------- d:\documents and settings\Administrateur 2008-12-05 21:15 . 2008-12-05 21:15 <REP> d-------- c:\program files\CCleaner 2008-12-05 11:58 . 2008-12-28 18:26 4,362,272 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-05 11:58 . 2008-12-28 18:26 55,328 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-05 11:54 . 2008-12-05 11:54 <REP> d-------- d:\documents and settings\All Users\Application Data\MailFrontier 2008-12-05 11:54 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe 2008-12-05 11:54 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll 2008-12-05 11:54 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll 2008-12-05 11:54 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll 2008-12-05 11:54 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll 2008-12-05 11:54 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll 2008-12-05 11:54 . 2008-12-05 11:57 4,212 ---h----- c:\windows\system32\zllictbl.dat 2008-12-05 11:53 . 2008-12-28 21:09 <REP> d-------- c:\windows\system32\ZoneLabs 2008-12-05 11:53 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll 2008-12-05 11:53 . 2008-12-28 12:17 358,382 --a------ c:\windows\system32\vsconfig.xml 2008-12-05 10:35 . 2008-12-28 18:04 <REP> d-------- c:\windows\Internet Logs 2008-12-05 10:35 . 2008-12-05 10:35 <REP> d-------- c:\program files\Zone Labs 2008-12-01 23:52 . 2008-12-29 08:41 <REP> d-------- d:\documents and settings\Daniel\Application Data\skypePM 2008-12-01 23:52 . 2008-12-01 23:52 <REP> d-------- c:\program files\Fichiers communs\Skype 2008-12-01 23:52 . 2008-12-01 23:52 56 --ah----- c:\windows\system32\ezsidmv.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-29 12:35 --------- d-----w d:\documents and settings\Daniel\Application Data\Skype 2008-12-28 16:54 --------- d-----w c:\program files\eMule 2008-12-28 11:29 242,736 ----a-w d:\documents and settings\Daniel\Application Data\GDIPFONTCACHEV1.DAT 2008-12-21 20:07 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS 2008-12-21 20:07 361,600 ----a-w c:\windows\system32\dllcache\TCPIP.SYS 2008-12-16 18:33 1,500,160 ----a-w c:\windows\Internet Logs\xDB1.tmp 2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-12-10 19:14 --------- d-----w c:\program files\Java 2008-12-06 15:10 --------- d-----w c:\program files\AskSBar 2008-12-06 10:39 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-12-06 00:12 --------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-05 23:44 --------- d-----w c:\program files\Alwil Software 2008-12-05 10:40 --------- d-----w d:\documents and settings\All Users\Application Data\VadeRetro 2008-12-05 10:40 --------- d-----w c:\program files\Goto Software 2008-12-05 10:14 --------- d-----w d:\documents and settings\Daniel\Application Data\Comodo 2008-11-14 09:55 --------- d-----w c:\program files\Fichiers communs\Adobe 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe 2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-10-03 10:03 247,326 ------w c:\windows\system32\dllcache\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-08-30 21:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-06-29 66912] [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-06-29 17:06 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "Skype"="c:\apps\skype\Phone\Skype.exe" [2008-11-07 21633320] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-28 342848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-12-28 919016] "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2008-12-28 90112] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-13 180269] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-12-09 325768] "skypeclient.exe"="c:\program files\Gigaset DECT\gigaset-m34-software\skypeclient.exe" [2005-08-18 622592] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-05-16 86960] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936] "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "HerculesCamService"="c:\program files\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2007-02-26 102400] "BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160] "ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576] "OoPDFSettingsv6.exe"="c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 460800] "SkyTel"="SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] d:\documents and settings\Mathias\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224] d:\documents and settings\Daniel\Menu D‚marrer\Programmes\D‚marrage\ OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864] RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224] d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acc‚l‚rateur de d‚marrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-03-05 10872] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] OFFICE One Notes v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2006-02-20 559104] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm "msvideo"= CxCap.drv "msvideo1"= CxCap.drv "msvideo2"= CxCap.drv "msvideo3"= CxCap.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\\AOL 9.0\\aol.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\apps\\skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "46939:UDP"= 46939:UDP:emule UDP R2 ABBYY.Licensing.FineReader.Professional.9.0;Service de licence ABBYY FineReader 9.0;"c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service [2007-09-24 566560] R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-12-09 184968] R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-12-25 29696] R3 Atkcfg;Cordless Device Configuration;c:\windows\system32\Drivers\atkcfg.sys [2005-08-18 46592] R3 Gig5gu;Cordless Internet Access;c:\windows\system32\Drivers\gig5gu.sys [2005-08-18 55680] R3 Gigsrf;Cordless Device Line Access;c:\windows\system32\Drivers\gigsrf.sys [2005-08-18 94592] R3 Gigtnc;Cordless PC Control;c:\windows\system32\Drivers\gigtnc.sys [2005-08-18 45440] R3 siellif;siellif;c:\windows\system32\Drivers\siellif.sys [2005-03-01 113408] R3 Sieupapp;Cordless Device Update;c:\windows\system32\Drivers\Sieupapp.sys [2005-08-18 32128] S3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\Drivers\HDvid.sys [2008-03-09 275072] S3 camfilt;camfilt;c:\windows\system32\Drivers\camfilt.sys [2008-03-09 24192] S3 Sieupdfu;Cordless Device in update mode;c:\windows\system32\Drivers\Sieupdfu.sys [2005-08-18 32000] S3 USTOR;U-Storage Controller;c:\windows\system32\DRIVERS\UStork.sys [2006-02-20 20218] S3 whmice2k;Fellowes Web Pro Optical mouse Upper Filter Driver;c:\windows\system32\DRIVERS\whmice2k.sys [2007-02-16 5797] . Contenu du dossier 'Tâches planifiées' 2007-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2008-12-28 c:\windows\Tasks\User_Feed_Synchronization-{E768AF4F-5A65-45BE-B28D-9D887499861F}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 11:58] 2008-12-29 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-UStorag - c:\program files\u-storage tool2.9\ustorage.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.be/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: download.artevod.com Trusted Zone: www.artevod.com Trusted Zone: *.axa.be Trusted Zone: *.canalplay.com Trusted Zone: *.canalplusactive.com O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd c:\windows\Downloaded Program Files\msway.dll - O16 -: {E1AF091A-9F23-4059-89D7-C05EE073285D} hxxps://www.canalplay.com/cabs/msway44.cab c:\windows\Downloaded Program Files\msway.inf FF - ProfilePath - d:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\7v9wn3gd.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p= FF - plugin: c:\program files\Fichiers communs\fluxDVD\APIX\NPAPIX.dll FF - plugin: c:\program files\Fichiers communs\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll FF - plugin: c:\program files\Fichiers communs\mpDRM\NPMPDRM.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-29 13:35:35 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(804) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2008-12-29 13:36:19 ComboFix-quarantined-files.txt 2008-12-29 12:36:17 ComboFix2.txt 2008-12-28 23:14:40 Avant-CF: 7 140 270 080 octets libres Après-CF: 7,112,318,976 octets libres 281 --- E O F --- 2008-12-17 21:40:13 Puis j'ai passé Findykill car je n'était pas sur pas sur du résultat ----------------- FindyKill V4.710 ------------------ * User : Daniel - PackardBell * executed from : C:\Program Files\FindyKill * Update on 21/12/08 par Chiquitine29 * Start at 14:44:17 the 29/12/2008 * Windows XP - Internet Explorer 7.0.5730.11 ((((((((((((((( *** deleting *** )))))))))))))))))) --------------- [ Active Processes ] ---------------- C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\logonui.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\system32\wbem\wmiprvse.exe --------------- [ Infected files / folders ] ---------------- »»»» Supression files in C: »»»» Supression files in C:\WINDOWS »»»» Supression files in C:\WINDOWS\Prefetch »»»» Supression files in C:\WINDOWS\system32 »»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming »»»» Supression files in C:\WINDOWS\system32\drivers »»»» Supression files in D:\Documents and Settings\Daniel\Application Data Deleted ! - "D:\Documents and Settings\Daniel\Application Data\drivers" »»»» Supression files in D:\DOCUME~1\Daniel\LOCALS~1\Temp »»»» Supression files in D:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5 --------------- [ Registry / Infected keys ] ---------------- Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S Deleted ! - HKEY_USERS\S-1-5-21-680497321-1473223302-1440570685-1006\Software\Local AppWizard-Generated Applications\keygen Deleted ! - HKEY_USERS\S-1-5-21-680497321-1473223302-1440570685-1006\Software\Local AppWizard-Generated Applications\winupgro --------------- [ States / Restarting of services ] ---------------- +- Services : [ Auto=2 / Request=3 / Disable=4 ] Ndisuio - Type of startup = 3 EapHost - Type of startup = 2 Ip6Fw - Type of startup = 2 SharedAccess - Type of startup = 2 wuauserv - Type of startup = 2 wscsvc - Type of startup = 2 --------------- [ Cleaning removable drives ] ---------------- +- Informations : C: - Lecteur fixe D: - Lecteur fixe F: - Lecteur amovible +- deleting files : --------------- [ Registry / Mountpoint2 ] ---------------- -> Not found ! --------------- [ Searching Cracks / Keygen ] ---------------- D:\Documents and Settings\Daniel\Recent\KEYGEN.lnk ---------------- ! End of report ! ------------------ Puis j'ai passée Antivir deux fois de suite. Avira AntiVir Personal Report file date: lundi 29 décembre 2008 16:17 Scanning for 1038808 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Save mode with network Username: Administrateur Computer name: PackardBell Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13 ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 16:16:47 ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 17/11/2008 16:38:59 Engineversion : 8.2.0.31 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56 AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07 AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41 AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38 AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39 AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41 AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41 AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 15:06:41 AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 15:06:41 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56 AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 15:06:41 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 29 décembre 2008 16:17 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 14 processes with 14 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '53' files ). Starting the file scan: Begin scan in 'C:\' <HDD> C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <DATA> D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The detection was classified as suspicious. [NOTE] The file was moved to '49afffd1.qua'! D:\Téléchargement internet\audacity_audacity_1.3.4_beta_anglais_10372.exe [WARNING] The file could not be opened! D:\Téléchargement internet\BitTorrent-6.0.3.exe [WARNING] The file could not be opened! D:\Téléchargement internet\registryboosterplc.exe [WARNING] The file could not be opened! D:\Téléchargement internet\Setup_FreeConverter.exe [WARNING] The file could not be opened! D:\Téléchargement internet\antispam\spamfighter_web.exe [WARNING] The file could not be opened! D:\Téléchargement internet\antispam\vaderetro.EXE [WARNING] The file could not be opened! D:\Téléchargement internet\Avast\aswclear.exe [WARNING] The file could not be opened! D:\Téléchargement internet\Avast\avast_avast_4.8.1201_francais_anglais_11113.exe [WARNING] The file could not be opened! D:\Téléchargement internet\Avast\setupfre.exe [WARNING] The file could not be opened! D:\Téléchargement internet\Banque\installcptfree.exe [WARNING] The file could not be opened! D:\Téléchargement internet\cc_cleaner\ccsetup214.exe [WARNING] The file could not be opened! D:\Téléchargement internet\Finereader\FineReader9PRO-trial-FR.exe [WARNING] The file could not be opened! D:\Téléchargement internet\Firewall\Comodo_XP_Vista_x32.exe [WARNING] The file could not be opened! D:\Téléchargement internet\Firewall\zaSetup_fr.exe [WARNING] The file could not be opened! End of the scan: lundi 29 décembre 2008 17:57 Used time: 1:39:57 Hour(s) The scan has been done completely. 9423 Scanning directories 585121 Files were scanned 0 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 15 Files cannot be scanned 585105 Files not concerned 7564 Archives were scanned 15 Warnings 1 Notes Comme le contenu du répertoir "Telechargement internet" n'était pas accessible, je l'ai supprimé. Voici le Log du deuxieme antivir Avira AntiVir Personal Report file date: lundi 29 décembre 2008 18:04 Scanning for 1038808 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: PackardBell Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13 ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 16:16:47 ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 17/11/2008 16:38:59 Engineversion : 8.2.0.31 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56 AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07 AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41 AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38 AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39 AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41 AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41 AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 15:06:41 AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 15:06:41 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56 AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 15:06:41 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 29 décembre 2008 18:04 Starting search for hidden objects. '65417' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'msconfig.exe' - '1' Module(s) have been scanned Scan process 'E_FATI9CE.EXE' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 24 processes with 24 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '53' files ). Starting the file scan: Begin scan in 'C:\' <HDD> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <DATA> End of the scan: lundi 29 décembre 2008 18:40 Used time: 35:48 Minute(s) The scan has been done completely. 10169 Scanning directories 603135 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 603133 Files not concerned 7888 Archives were scanned 2 Warnings 0 Notes 65417 Objects were scanned with rootkit scan 0 Hidden objects were found Puis de nouveau MalwareBytes Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1563 Windows 5.1.2600 Service Pack 3 29/12/2008 20:26:20 mbam-log-2008-12-29 (20-26-20).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 172699 Temps écoulé: 35 minute(s), 1 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Et enfin aujourd'hui Toolbar SD -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz ) BIOS : BIOS Date: 08/01/07 09:47:33 Ver: 08.00.10 USER : Daniel ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated) Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:29 Go (Free:11 Go) D:\ (Local Disk) - NTFS - Total:195 Go (Free:182 Go) E:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 01/01/2009|10:53 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\AskSBar C:\Program Files\AskSBar\SrchAstt C:\Program Files\AskSBar\SrchAstt\1.bin C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL C:\Program Files\Dealio C:\Program Files\Dealio\kb127 C:\Program Files\Mozilla Firefox\extensions\[email protected] C:\Program Files\Mozilla Firefox\extensions\[email protected]\CHROME\CONTENT\searchsettingsplugin.js C:\Program Files\Mozilla Firefox\extensions\[email protected]\CHROME\CONTENT\searchsettingsplugin.xul C:\Program Files\Mozilla Firefox\extensions\[email protected]\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd C:\Program Files\Mozilla Firefox\extensions\[email protected]\CHROME\LOCALE\EN-US\searchsettingsplugin.properties C:\Program Files\Mozilla Firefox\extensions\[email protected]\COMPONENTS\SearchSettingsFF.dll C:\Program Files\Search Settings C:\Program Files\Search Settings\kb127 C:\Program Files\Search Settings\SearchSettings.exe C:\Program Files\Search Settings\kb127\res C:\Program Files\Search Settings\kb127\SearchSettings.dll C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll C:\Program Files\Search Settings\kb127\temp C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.google.be/" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. D:\DOCUME~1\Daniel\Recent\KEYGEN.lnk 1 - "C:\ToolBar SD\TB_1.txt" - 01/01/2009|10:55 - Option : [1] -----------\\ Fin du rapport a 10:55:02,92 Voila, Comme je le disais, la vitesse de la machine est normal. j'ai enlevé Avast, Spyboot et ADware. installé Antivir et activé le firewall windows. Par contre je n'ai aucun accéss à ZoneAlarme et je n'arrive pas à le désinstaller. Internet Explorer et Filezilla se connectent à internet mais après un certain temps je ne peux plus navigué (Délais d'attente dépassé) pourtant la liaison et bonne puisque SKYPE marche correctement. Encore merci pour ton aide.
  12. Zouco
    Bonjour, J'ai été victime (mais je l'avais bien cherché à jouer avec une Mule) d'un programme qu'y a détruit tous mes programmes de sécurité (Avest, ZoneAlarm, Spyboot et AdAware). et ajouté le process "winupgro" qui ralentissait ma machine. J'ai d'abord supprimé le fichier qui été à l'origine de mes problème puis après avoir parcouru votre forum en long et en large j'ai passé: - ConboFix - Malwarebytes - Findykill - Antivir Aujourd'hui si je repasse Malwarebytes, antivir et Kapersky online scaner je n'ai plus de message suspect et la vitesse de ma machine est normal. Pourtant Je n'arrive pas à desinstaller ZoneAlarme. et parfois Internet explorer et Firefox ne se connectent pas. Je vous envoye le log de HighjackThis. Quelqu'un y voit-il quelquechose de suspect? Merci pour votre aide. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:45:24, on 30/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\WINDOWS\System32\svchost.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Gigaset DECT\gigaset-m34-software\skypeclient.exe C:\Program Files\Gigaset DECT\gigaset-m34-software\appsvr.exe C:\WINDOWS\RTHDCPL.EXE C:\Apps\Powercinema\PCMService.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\apps\ABoard\ABoard.exe C:\apps\ABoard\AOSD.exe C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe C:\WINDOWS\system32\ctfmon.exe C:\apps\skype\Phone\Skype.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DNA\btdna.exe C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\Program Files\OFFICE One6.5\program\soffice.exe C:\apps\skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe F:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [skypeclient.exe] "C:\Program Files\Gigaset DECT\gigaset-m34-software\skypeclient.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe O4 - HKLM\..\Run: [bOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skype] "C:\apps\skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE One6.5\program\quickstart.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O15 - Trusted Zone: http://download.artevod.com O15 - Trusted Zone: http://www.artevod.com O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - https://www.canalplay.com/cabs/msway44.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O23 - Service: Service de licence ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 12853 bytes Voila Encore merci.
×
×
  • Créer...