Aller au contenu

Ixezed

Membres
  • Compteur de contenus

    24
  • Inscription

  • Dernière visite

Tout ce qui a été posté par Ixezed

  1. Merci de l'info, mais cette carte est trop chère pour moi. Elle se vend 180$ CAN ici.
  2. Bonjour à tous! Mon ordinateur a récemment planté sans aucun préavis. Les ventilateurs du processeur, de la carte graphique et du boîtier fonctionnent, mais rien ne s'affiche à l'écran (je n'entend pas les disques durs tourner ni des bips provenant de la carte maîtresse). J'ai essayé de remplacer toutes les pièces une par une, rien ne fonctionne. Je crois donc que le problème est ma carte maîtresse. Je vais donc acheter une nouvelle carte maîtresse et voir si le problème sera réparé (sinon, j'irai me faire rembourser). J'ai présentement un processeur intel pentium D 800 (socket 775 ) et une carte graphique AGP. Mon détaillant informatique m'a dit qu'ils ne tiennent plus de motherboard AGP, je songe donc à m'acheter une carte graphique PCI-E pas très chère, mais relativement performante. Voici les choix que me proposent le magasin : ASUS PCIE RAD EAH4650 512M TVO BTE (75$ CAN) ASUS PCIE RAD EAH4670 512M TVO BTE (89$ CAN) ASUS PCIE GF9 EN9500GT MAGIC 512M BTE (79$ CAN) SAPPHIRE PCIE RAD HD4650 1024M TVO BTE (79$ CAN) Est-ce que ces cartes sont performantes? Laquelle me conseilleriez-vous? Ça vaut la peine que j'achète une de celles-là ? Merci de vos conseils !
  3. Je ne peux pas poursuivre la procédure puisque mon ordinateur refuse de s'ouvrir! Après avoir lancé HJT, j'ai installé une nouvelle imprimante sur mon PC qui fonctionnait très bien. Durant la soirée, ma copine est venue travailler sur l'ordinateur et lorsqu'elle l'a éteint, elle a été incapable de le rallumer. En fait lorsqu'on allume le PC, les ventilateurs tournent (fan, processeur, carte graphique) mais c'est tout. Rien ne s'affiche sur l'écran. J'ai ôté puis remis les barrettes RAM, j'ai ôté et remis la carte graphique, j'ai changé le jumper du clearBIOS. Je soupçonne peut-être le power supply, mais les ventilos tournent pourtant. La prochaine étape est de démonter le processeur, le nettoyer et de le remettre... Si vous avez d'autres suggestions j'apprécierais! Si je réussi à remettre sur pied la machine, je continuera les étapes ci-haut.
  4. Oups en effet, c'est mon erreur! MBAM m'a demandé un reboot après le scan. Voici le log HJT : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:26:17, on 2009-08-25 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\spoolsv.exe f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe F:\Program Files\Avira\AntiVir Desktop\sched.exe F:\WINDOWS\Explorer.EXE F:\Program Files\Microsoft IntelliType Pro\itype.exe F:\Program Files\Microsoft IntelliPoint\ipoint.exe F:\Program Files\Java\jre6\bin\jusched.exe F:\WINDOWS\system32\Rundll32.exe F:\Program Files\Avira\AntiVir Desktop\avgnt.exe F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Avira\AntiVir Desktop\avguard.exe F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe F:\Program Files\Bonjour\mDNSResponder.exe F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe F:\Program Files\Java\jre6\bin\jqs.exe F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe F:\WINDOWS\system32\PnkBstrA.exe F:\WINDOWS\system32\PnkBstrB.exe F:\Program Files\CyberLink\Shared Files\RichVideo.exe F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\Ati2evxx.exe F:\Program Files\Windows Live\Messenger\usnsvc.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Documents and Settings\Benoit Gosselin\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://moteur.chat-land.org/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {E8F148DF-CEF4-4E01-96AC-791EB183D256} - (no file) O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [updReg] F:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Famille') O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Famille') O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [cmds] rundll32.exe F:\DOCUME~1\Famille\LOCALS~1\Temp\tuvSkHWm.dll,c (User 'Famille') O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [94827131] rundll32.exe "F:\DOCUME~1\Famille\LOCALS~1\Temp\rxjkniku.dll",b (User 'Famille') O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [MS Juan] rundll32 "F:\DOCUME~1\Famille\LOCALS~1\Temp\fheoau.dll",run (User 'Famille') O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Famille') O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.chat-land.org O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212110836186 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1224096606054 O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28091/activereceiver.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab O18 - Protocol: intu-ir2006 - {F5B3637E-01C9-456C-869E-4570CE217261} - F:\ImpotRapide 2006\IR2006\ic2006pp.dll O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - F:\Program Files\ImpotRapide 2007\ic2007pp.dll O20 - AppInit_DLLs: uimggg.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - F:\WINDOWS\system32\CTsvcCDA.exe (file missing) O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 9069 bytes
  5. Oh, merci de l'intervention Mark! Voici le log de MBAM, je vais maintenant redémarrer le PC Malwarebytes' Anti-Malware 1.40 Version de la base de données: 2691 Windows 5.1.2600 Service Pack 3 2009-08-25 02:16:41 mbam-log-2009-08-25 (02-16-41).txt Type de recherche: Examen rapide Eléments examinés: 113770 Temps écoulé: 12 minute(s), 57 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): F:\Documents and Settings\Famille\Application Data\asd.bat (Rogue.WinPCDefender) -> Quarantined and deleted successfully.
  6. Bonjour à tous ! Depuis quelques temps j'éprouve des ralentissements lorsque je navigue sur internet, surtout sur les sites web possédants beaucoup d'images et d'animations. Je n'ai jamais eu de problème de performance auparavant, c'est pourquoi je soupçonne la présence de malwares ou de processus inutiles dans mon PC. J'ai nettoyé tous les fichiers temporaires/cookies/historique de mes navigateurs avec CCleaner. Merci de bien vouloir analyser mon log Hijackthis. Au plaisir -------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:18:44, on 2009-08-24 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\spoolsv.exe f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe F:\Program Files\Avira\AntiVir Desktop\sched.exe F:\WINDOWS\Explorer.EXE F:\Program Files\Microsoft IntelliType Pro\itype.exe F:\Program Files\Microsoft IntelliPoint\ipoint.exe F:\Program Files\Avira\AntiVir Desktop\avguard.exe F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe F:\WINDOWS\system32\Rundll32.exe F:\Program Files\Avira\AntiVir Desktop\avgnt.exe F:\Program Files\Bonjour\mDNSResponder.exe F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe F:\WINDOWS\system32\PnkBstrA.exe F:\WINDOWS\system32\PnkBstrB.exe F:\Program Files\CyberLink\Shared Files\RichVideo.exe F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe F:\WINDOWS\System32\svchost.exe F:\Program Files\Java\jre6\bin\jqs.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Documents and Settings\Benoit Gosselin\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://moteur.chat-land.org/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {E8F148DF-CEF4-4E01-96AC-791EB183D256} - (no file) O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [updReg] F:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.chat-land.org O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212110836186 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1224096606054 O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28091/activereceiver.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab O18 - Protocol: intu-ir2006 - {F5B3637E-01C9-456C-869E-4570CE217261} - F:\ImpotRapide 2006\IR2006\ic2006pp.dll O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - F:\Program Files\ImpotRapide 2007\ic2007pp.dll O20 - AppInit_DLLs: uimggg.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - F:\WINDOWS\system32\CTsvcCDA.exe (file missing) O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 7926 bytes
  7. Rapport malmarebyte : Malwarebytes' Anti-Malware 1.33 Version de la base de données: 1722 Windows 5.1.2600 Service Pack 3 2009-02-03 19:18:37 mbam-log-2009-02-03 (19-18-37).txt Type de recherche: Examen complet (C:\|F:\|) Eléments examinés: 233004 Temps écoulé: 1 hour(s), 4 minute(s), 23 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 8 Clé(s) du Registre infectée(s): 10 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 29 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): F:\WINDOWS\system32\ockkcoqs.dll (Trojan.Vundo.H) -> Delete on reboot. F:\WINDOWS\system32\uimggg.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Famille\Local Settings\Temp\tuvSkHWm.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Famille\Local Settings\Temp\wyiddljo.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Famille\Local Settings\Temp\fipsqsmn.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Famille\Local Settings\Temp\rxjkniku.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Famille\Local Settings\Temp\ftjfeguh.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Famille\Local Settings\Temp\fheoau.dll (Trojan.Vundo) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc504f17-b1b4-4d5a-818d-ec6c70956980} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cc504f17-b1b4-4d5a-818d-ec6c70956980} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd2bd2c4-e4b9-4f5d-85ed-a586f4d73736} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{fd2bd2c4-e4b9-4f5d-85ed-a586f4d73736} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94827131 (Trojan.Vundo.H) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): F:\WINDOWS\system32\rqijoilq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. F:\WINDOWS\system32\uimggg.dll (Trojan.Vundo.H) -> Delete on reboot. F:\WINDOWS\system32\ockkcoqs.dll (Trojan.Vundo.H) -> Delete on reboot. F:\WINDOWS\system32\sqockkco.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. F:\Documents and Settings\Famille\Local Settings\Temp\tuvSkHWm.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Famille\Local Settings\Temp\wyiddljo.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Famille\Local Settings\Temp\fipsqsmn.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Famille\Local Settings\Temp\rxjkniku.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Famille\Local Settings\Temp\ftjfeguh.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Famille\Local Settings\Temp\fheoau.dll (Trojan.Vundo) -> Delete on reboot. F:\Documents and Settings\Benoit Gosselin\Local Settings\Temporary Internet Files\Content.IE5\K21HQPU7\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Benoit Gosselin\Local Settings\Temporary Internet Files\Content.IE5\IX6XZQEI\divx20[1] (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Benoit Gosselin\Local Settings\Temporary Internet Files\Content.IE5\RS38UKPZ\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. F:\Documents and Settings\Benoit Gosselin\Local Settings\Temporary Internet Files\Content.IE5\YIR6XDWR\img[1] (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Famille\Local Settings\Temp\vhegjhbp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Famille\Local Settings\Temp\vrbien.dll (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Famille\Local Settings\Temp\lbklodas.dll (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\3GD3JYMW\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\3GD3JYMW\index[2] (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\A2AZOSFY\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\B2JSO109\img[1] (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\D0278Y0Z\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\D0278Y0Z\divx20[1] (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\DUG18OIM\img[1] (Trojan.Vundo) -> Quarantined and deleted successfully. F:\WINDOWS\system32\ihukkcmt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. F:\WINDOWS\system32\pmnljJAp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. F:\WINDOWS\system32\hgGARlig.dll (Trojan.Vundo) -> Quarantined and deleted successfully. F:\WINDOWS\system32\fccaYpPH.dll (Trojan.Vundo) -> Quarantined and deleted successfully. F:\WINDOWS\system32\fcccbbxU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  8. Voici le rapport SDFIX, je vais maintenant lancer Malbytes SDFix: Version 1.240 Run by Benoit Gosselin on 2009-02-02 at 20:51 Microsoft Windows XP [version 5.1.2600] Running From: F:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: F:\WINDOWS\system32\yayYspMd.dll - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-03 17:46:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... IPC error: 2 Le fichier spécifié est introuvable. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "F:\\Program Files\\Messenger\\msmsgs.exe"="F:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "F:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"="F:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe:*:Enabled:Mass Effect Game" "F:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"="F:\\Program Files\\Mass Effect\\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher" "F:\\WINDOWS\\system32\\PnkBstrA.exe"="F:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA" "F:\\WINDOWS\\system32\\PnkBstrB.exe"="F:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB" "F:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="F:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare" "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "F:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"="F:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe:*:Enabled:Orb" "F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"="F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe:*:Enabled:OrbTray" "F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"="F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "F:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"="F:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe:*:Enabled:OrbTVGuide" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - F:\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 28 Aug 2008 1,977 ...HR --- "F:\Documents and Settings\Benoit Gosselin\Application Data\SecuROM\UserData\securom_v7_01.bak" Mon 12 Feb 2007 3,096,576 A..H. --- "F:\Documents and Settings\Benoit Gosselin\Application Data\U3\temp\Launchpad Removal.exe" Finished!
  9. Bonjour ! Depuis peu il y a apparition de fenêtres de publicités lorsque je navigue sur internet, j'aimerais avoir l'avis d'un expert s.v.p. Voici le log HJT, merci de votre temps ! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:40:08, on 2009-02-01 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\spoolsv.exe f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe F:\WINDOWS\system32\PnkBstrA.exe F:\WINDOWS\system32\PnkBstrB.exe F:\Program Files\CyberLink\Shared Files\RichVideo.exe F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\Explorer.EXE F:\Program Files\Microsoft IntelliType Pro\itype.exe F:\Program Files\Microsoft IntelliPoint\ipoint.exe F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe F:\Program Files\ASUS\Asus Probe\AsusProb.exe F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe F:\Program Files\Analog Devices\SoundMAX\Smax4.exe F:\WINDOWS\system32\Rundll32.exe F:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe F:\Program Files\Nero\Nero 7\InCD\InCD.exe F:\Program Files\CyberLink\PCM4Everio\EverioService.exe F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Nikon\PictureProject\NkbMonitor.exe F:\Program Files\Windows Live\Messenger\usnsvc.exe F:\WINDOWS\system32\rundll32.exe F:\WINDOWS\system32\rundll32.exe F:\WINDOWS\system32\wscntfy.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Documents and Settings\Benoit Gosselin\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [ASUS Probe] F:\Program Files\ASUS\Asus Probe\AsusProb.exe O4 - HKLM\..\Run: [updReg] F:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [soundMAXPnP] F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [LVCOMSX] "F:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] F:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [EverioService] "F:\Program Files\CyberLink\PCM4Everio\EverioService.exe" O4 - HKLM\..\Run: [94827131] rundll32.exe "F:\WINDOWS\system32\ockkcoqs.dll",b O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Famille') O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Famille') O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NkbMonitor.exe.lnk = F:\Program Files\Nikon\PictureProject\NkbMonitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212110836186 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1224096606054 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab O18 - Protocol: intu-ir2006 - {F5B3637E-01C9-456C-869E-4570CE217261} - F:\ImpotRapide 2006\IR2006\ic2006pp.dll O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - F:\Program Files\ImpotRapide 2007\ic2007pp.dll O20 - AppInit_DLLs: uimggg.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - F:\WINDOWS\system32\CTsvcCDA.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8353 bytes
  10. Parfait ! Merci beaucoup pour ton aide, c'est très apprécié! Tu fais un excellent travail
  11. Je vais laisser ici le rapport Highjackthis de l'autre ordinateur de la maison, si tu préfères que je le mettes dans un autre sujet je peux en créer un. Je ne sais pas s'il est infecté, il ne présente aucun symptôme apparent, mais j'aimerais en être sûr. ------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:27:53, on 2009-01-11 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\spoolsv.exe f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe F:\WINDOWS\system32\PnkBstrA.exe F:\WINDOWS\system32\PnkBstrB.exe F:\Program Files\CyberLink\Shared Files\RichVideo.exe F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\Explorer.EXE F:\Program Files\Microsoft IntelliType Pro\itype.exe F:\Program Files\Microsoft IntelliPoint\ipoint.exe F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe F:\Program Files\ASUS\Asus Probe\AsusProb.exe F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe F:\Program Files\Analog Devices\SoundMAX\Smax4.exe F:\WINDOWS\system32\Rundll32.exe F:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe F:\Program Files\Nero\Nero 7\InCD\InCD.exe F:\Program Files\CyberLink\PCM4Everio\EverioService.exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Windows Live\Messenger\usnsvc.exe F:\Program Files\Messenger\msmsgs.exe F:\Program Files\Windows Live\Messenger\msnmsgr.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\Ati2evxx.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Documents and Settings\Benoit Gosselin\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [ASUS Probe] F:\Program Files\ASUS\Asus Probe\AsusProb.exe O4 - HKLM\..\Run: [updReg] F:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [soundMAXPnP] F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [LVCOMSX] "F:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] F:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [EverioService] "F:\Program Files\CyberLink\PCM4Everio\EverioService.exe" O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Famille') O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Famille') O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212110836186 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1224096606054 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab O18 - Protocol: intu-ir2006 - {F5B3637E-01C9-456C-869E-4570CE217261} - F:\ImpotRapide 2006\IR2006\ic2006pp.dll O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - F:\Program Files\ImpotRapide 2007\ic2007pp.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - F:\WINDOWS\system32\CTsvcCDA.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8547 bytes
  12. Rapport CF-RC : WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
  13. Parfait, je vais faire ça à l'instant ! Existe-il des logiciels P2P plus "sécuritaires" que Limewire selon toi? Aussi, j'aimerais faire un scan de l'ordinateur principal de la maison afin de voir s'il est infecté, est-ce que je pars un nouveau sujet ou je peux mettre le log highjackthis ici ?
  14. Voici le rapport de kaspersky, il a détecté pas mal de trucs ! 17 menaces et 30 objets infectés. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Sunday, January 11, 2009 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, January 11, 2009 02:16:18 Records in database: 1600405 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 57216 Threat name: 17 Infected objects: 30 Suspicious objects: 0 Duration of the scan: 01:45:57 File name / Threat name / Threats count C:\Program Files\ESET\infected\0L0PPHCA.NQF Infected: not-a-virus:AdWare.Win32.Beginto.f 1 C:\Program Files\ESET\infected\0L0PPHCA.NQF Infected: not-a-virus:AdWare.Win32.Beginto.i 1 C:\Program Files\ESET\infected\5QDBRKDA.NQF Infected: Backdoor.Win32.MSNMaker.ab 1 C:\Program Files\ESET\infected\BUFNKPDA.NQF Infected: Exploit.Win32.MS04-20.b 1 C:\Program Files\ESET\infected\EKWYGXCA.NQF Infected: not-a-virus:AdWare.Win32.Beginto.f 1 C:\Program Files\ESET\infected\F1NENGDA.NQF Infected: Trojan.Win32.Monder.gen 1 C:\Program Files\ESET\infected\HEPUN2BA.NQF Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1 C:\Program Files\ESET\infected\OHLN5GDA.NQF Infected: not-a-virus:AdWare.Win32.TrafficSol.d 1 C:\Program Files\ESET\infected\RPHW3SBA.NQF Infected: not-a-virus:AdWare.Win32.SuperJuan.etv 1 C:\Program Files\ESET\infected\VN0BB4AA.NQF Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\Program Files\ESET\infected\WFGHX2CA.NQF Infected: Trojan-Downloader.Win32.VB.ann 1 C:\Program Files\ESET\infected\XYKSAECA.NQF Infected: Trojan-Downloader.Win32.Agent.auv 1 C:\Program Files\ESET\infected\Y0HSLNBA.NQF Infected: Trojan-Downloader.Win32.Agent.auv 1 C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\ezowoj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fvs 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\fhbcylqd.dll.vir Infected: Trojan.Win32.Monder.aguq 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\hcdtkunv.dll.vir Infected: Trojan.Win32.Pakes.mnh 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\hkguyq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqu 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\ivyumfca.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fvs 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\klulajrg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqu 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\lecwrwmb.dll.vir Infected: Trojan.Win32.Monder.aguq 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\txaoescc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqu 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\yrowww.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqu 1 C:\WINDOWS\system32\SearchEnhancer\SearchEnhancer.dll Infected: not-a-virus:AdWare.Win32.Beginto.i 1 The selected area was scanned.
  15. J'ai activé le parefeu de windows pour l'instant ! C'est suffisant ?
  16. Ceci n'est pas mon ordinateur, mais celui de ma jeune soeur de 19 ans. Elle l'utilise presqu'exclusivement pour télécharger des fichiers .mp3 sur limewire. J'ai beau lui dire de ne pas utiliser ce logiciel, mais elle y tient absolument. Il faut donc désinfecter la machine à chaque année lorsqu'elle devient inutilisable (comme c'était le cas avant le nettoyage). Je ne sais pas quoi faire pour la convaincre de ne pas utiliser LIMEWIRE !
  17. Voici le rapport de Combofix : -------------------------------------------------------- ComboFix 09-01-10.02 - Chan 2009-01-10 21:38:11.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.655 [GMT -5:00] Lancé depuis: c:\documents and settings\Chan\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Chan\Bureau\CFScript.txt * Un nouveau point de restauration a été créé * Resident AV is active AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: c:\windows\system32\bsdfmktu.ini c:\windows\system32\cgmkulxd.ini c:\windows\system32\djehsldx.ini c:\windows\system32\elkyrpfs.ini c:\windows\system32\fokkkbph.ini c:\windows\system32\frydfjhn.ini c:\windows\system32\fugahphu.ini c:\windows\system32\fwwbcbrv.ini c:\windows\system32\gcdrjtet.ini c:\windows\system32\gfctvcwo.ini c:\windows\system32\gkxddrlb.ini c:\windows\system32\gynmgcsq.ini c:\windows\system32\hafcddwd.ini c:\windows\system32\isfymvtd.ini c:\windows\system32\ispibjcw.ini c:\windows\system32\jcavdqql.ini c:\windows\system32\kgdslgbn.ini c:\windows\system32\kyabqbas.ini c:\windows\system32\mvndixfu.ini c:\windows\system32\panvhemx.ini c:\windows\system32\qfubwamb.ini c:\windows\system32\rkmxphmk.ini c:\windows\system32\rwpgmpdj.ini c:\windows\system32\sihmkhjx.ini c:\windows\system32\wqnvrvap.ini c:\windows\system32\xfdjrbsn.ini c:\windows\system32\xwouonke.ini c:\windows\system32\yfyaypyw.ini c:\windows\system32\yptmvthj.ini c:\windows\system32\yvpaujmy.ini c:\windows\system32\ywccjcvw.ini . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\windows media player\mplayer2.exe c:\windows\system32\msrdo20.dll c:\windows\system32\rdocurs.dll . ---- Previous Run ------- . c:\program files\windows media player\mplayer2.exe c:\windows\system32\bsdfmktu.ini c:\windows\system32\cgmkulxd.ini c:\windows\system32\djehsldx.ini c:\windows\system32\elkyrpfs.ini c:\windows\system32\fokkkbph.ini c:\windows\system32\frydfjhn.ini c:\windows\system32\fugahphu.ini c:\windows\system32\fwwbcbrv.ini c:\windows\system32\gcdrjtet.ini c:\windows\system32\gfctvcwo.ini c:\windows\system32\gkxddrlb.ini c:\windows\system32\gynmgcsq.ini c:\windows\system32\hafcddwd.ini c:\windows\system32\isfymvtd.ini c:\windows\system32\ispibjcw.ini c:\windows\system32\jcavdqql.ini c:\windows\system32\kgdslgbn.ini c:\windows\system32\kmsxdwgv.ini c:\windows\system32\kyabqbas.ini c:\windows\system32\mvndixfu.ini c:\windows\system32\mxexnlhq.ini c:\windows\system32\panvhemx.ini c:\windows\system32\qfubwamb.ini c:\windows\system32\rkmxphmk.ini c:\windows\system32\rwpgmpdj.ini c:\windows\system32\sihmkhjx.ini c:\windows\system32\uutqrrns.ini c:\windows\system32\wqnvrvap.ini c:\windows\system32\xfdjrbsn.ini c:\windows\system32\xwouonke.ini c:\windows\system32\yfyaypyw.ini c:\windows\system32\yptmvthj.ini c:\windows\system32\yvpaujmy.ini c:\windows\system32\ywccjcvw.ini . ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 )))))))))))))))))))))))))))))))))))) . 2009-01-08 18:58 . 2009-01-08 18:58 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-08 18:58 . 2009-01-08 18:58 <REP> d-------- c:\documents and settings\Chan\Application Data\Malwarebytes 2009-01-08 18:58 . 2009-01-08 18:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-08 18:58 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-08 18:58 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-08 18:29 . 2009-01-08 19:14 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-01-08 18:29 . 2008-06-14 12:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-01-08 18:29 . 2008-08-14 04:51 138,368 -----c--- c:\windows\system32\dllcache\afd.sys 2009-01-08 18:26 . 2008-05-01 09:31 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2009-01-04 18:19 . 2009-01-04 18:19 <REP> d-------- C:\rsit 2009-01-04 18:19 . 2009-01-04 18:19 <REP> d-------- c:\program files\trend micro 2009-01-01 14:15 . 2009-01-10 21:46 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{ED41E75A-E816-42FB-872D-6983320D34F4} 2009-01-01 14:11 . 2007-08-21 09:25 374 --------- c:\windows\system32\DWLAB.dat 2009-01-01 14:10 . 2005-10-19 18:19 1,327,189 --a------ c:\windows\system32\odSupp_M.dll 2009-01-01 14:10 . 2007-09-05 18:13 679,936 --a------ c:\windows\system32\ANIWZCS2.dll 2009-01-01 14:10 . 2007-08-14 13:26 262,144 --a------ c:\windows\system32\wnicapi.dll 2009-01-01 14:10 . 2007-08-20 17:41 233,472 --a------ c:\windows\system32\WlanApp.dll 2009-01-01 14:10 . 2007-05-12 13:33 217,088 --a------ c:\windows\system32\aIPH.dll 2009-01-01 14:10 . 2005-10-27 08:55 49,152 --a------ c:\windows\system32\JJAKEn.dll 2009-01-01 14:10 . 2005-10-19 18:19 49,152 --a------ c:\windows\system32\AQCKGen.dll 2009-01-01 14:10 . 2006-09-26 13:49 45,115 --a------ c:\windows\system32\ANICtl.dll 2009-01-01 14:09 . 2009-01-01 14:10 <REP> d-------- c:\program files\ANI 2009-01-01 14:09 . 2007-09-21 00:23 405,583 --a------ c:\windows\system32\jswscsup.dll 2009-01-01 14:09 . 2007-07-06 17:30 57,376 --a------ c:\windows\system32\jswscimd.sys 2009-01-01 14:09 . 2007-07-06 17:30 57,376 --a------ c:\windows\system32\drivers\jswscimd.sys 2009-01-01 14:09 . 2005-12-13 10:38 48,128 --a------ c:\windows\system32\ANIO64.sys 2009-01-01 14:09 . 2005-10-21 15:56 36,864 --a------ c:\windows\system32\ANIOApi.dll 2009-01-01 14:09 . 2005-12-11 11:55 28,195 --a------ c:\windows\system32\ANIO.sys 2009-01-01 14:09 . 2004-10-14 10:29 16,997 --a------ c:\windows\system32\ANIO.VXD 2009-01-01 14:09 . 2007-07-28 18:07 12,564 --a------ c:\windows\system32\jswscimdp.cat 2009-01-01 14:09 . 2007-07-28 18:07 12,135 --a------ c:\windows\system32\jswscimd.cat 2009-01-01 14:09 . 2004-10-14 10:29 11,904 --a------ c:\windows\system32\anio4.sys 2009-01-01 14:09 . 2007-07-06 17:30 5,529 --a------ c:\windows\system32\jswscimdp.inf 2009-01-01 14:09 . 2007-07-06 17:30 2,231 --a------ c:\windows\system32\jswscimd.inf 2009-01-01 14:08 . 2009-01-01 14:08 <REP> d-------- c:\program files\D-Link 2009-01-01 14:08 . 2009-01-01 14:08 <REP> d-------- c:\documents and settings\Chan\Application Data\InstallShield 2008-12-31 16:44 . 2008-12-31 16:48 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{03642EFD-0647-4CB5-9ED8-24C18AA40049} 2008-12-30 12:48 . 2008-12-30 12:48 <REP> d-------- c:\documents and settings\Chan\Application Data\MSN6 2008-12-30 12:48 . 2008-12-30 12:48 <REP> d-------- c:\documents and settings\All Users\Application Data\MSN6 2008-12-29 18:53 . 2008-12-29 18:53 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{A9918488-0286-4AD9-8194-B0FB6E8C7648} 2008-12-29 18:20 . 2008-12-29 18:23 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{0E24014B-1727-4E93-9118-16741632034C} 2008-12-29 17:30 . 2008-12-29 17:44 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{E085B21D-18BD-4F94-9E81-C0240CED9893} 2008-12-28 01:29 . 2009-01-10 21:45 7 --a------ c:\windows\system32\ANIWZCSUSERNAME 2008-12-28 01:09 . 2008-12-28 01:10 <REP> d-------- c:\documents and settings\Chan\Application Data\U3 2008-12-28 00:58 . 2008-12-28 02:12 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{2B376CA3-3B96-48E2-B873-27190B23F827} 2008-12-28 00:53 . 2007-06-06 09:40 377,920 -ra------ c:\windows\system32\drivers\A5AGU.sys 2008-12-28 00:53 . 2007-05-31 17:13 155,536 -ra------ c:\windows\system32\drivers\ar5523.bin 2008-12-28 00:53 . 2005-05-05 16:04 24,576 -ra------ c:\windows\system32\DWLInst.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-01 19:10 --------- d--h--w c:\program files\InstallShield Installation Information . ((((((((((((((((((((((((((((( snapshot@2009-01-08_13.33.37.75 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-07 20:18:27 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll + 2008-07-07 20:28:20 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll + 2008-07-07 20:24:11 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll + 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll + 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe + 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll + 2007-11-30 12:39:26 767,352 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe + 2007-11-30 12:39:29 406,392 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll + 2008-05-07 04:55:47 1,294,336 ----a-w c:\windows\$hf_mig$\KB951698\SP2QFE\quartz.dll + 2008-05-07 05:11:24 1,294,336 ----a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll + 2008-05-07 05:04:59 1,294,336 ----a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll + 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB951698\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB951698\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll + 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll + 2008-06-24 16:30:27 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll + 2008-06-24 16:44:02 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll + 2008-06-24 16:53:52 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll + 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll + 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll + 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe + 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe + 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe + 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll + 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll + 2008-10-23 12:51:46 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll + 2008-10-23 12:36:51 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll + 2008-10-23 12:44:51 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll + 2008-07-08 13:03:54 18,296 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll + 2008-07-08 13:03:55 234,872 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe + 2008-07-08 13:03:54 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll + 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe + 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll + 2008-06-14 17:59:52 272,768 ------w c:\windows\Driver Cache\i386\bthport.sys - 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys + 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys - 2007-02-28 16:02:21 2,138,112 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2008-08-14 13:44:35 2,138,112 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe - 2007-02-28 16:02:36 2,059,648 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2008-08-14 13:44:39 2,059,776 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2007-02-28 16:02:21 2,017,792 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe + 2008-08-14 13:44:33 2,017,792 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe - 2007-02-28 16:02:36 2,182,400 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe + 2008-08-14 13:44:37 2,182,400 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe + 2008-03-01 12:58:06 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll + 2008-03-01 12:58:06 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll + 2008-03-01 12:58:06 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll + 2008-03-01 12:58:06 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll + 2008-03-01 12:58:06 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll + 2008-02-29 08:56:41 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe + 2008-03-01 12:58:06 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll + 2008-03-01 12:58:06 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll + 2008-02-15 05:44:25 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll + 2008-03-01 12:58:07 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll + 2008-03-01 12:58:07 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll + 2008-03-01 12:58:08 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll + 2008-03-01 12:58:08 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll + 2008-03-01 12:58:08 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll + 2008-02-22 10:00:51 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe + 2008-02-29 08:57:05 625,664 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe + 2008-03-01 12:58:08 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll + 2008-03-01 12:58:08 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll + 2008-03-01 12:58:08 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll + 2008-03-01 12:58:09 478,208 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll + 2008-03-01 12:58:10 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll + 2008-03-01 12:58:10 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll + 2008-03-01 12:58:10 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll + 2008-03-01 12:58:10 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll + 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll + 2008-03-01 12:58:10 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll + 2008-03-01 12:58:10 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll + 2008-03-01 12:58:11 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll + 2008-03-01 12:58:11 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll + 2008-03-01 22:28:10 3,591,680 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll + 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:47 394,976 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll - 2008-03-01 12:58:06 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll - 2007-07-30 23:19:20 92,504 ----a-w c:\windows\system32\cdm.dll + 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\cdm.dll - 2008-03-01 12:58:06 124,928 -c----w c:\windows\system32\dllcache\advpack.dll + 2008-10-16 20:18:31 124,928 -c----w c:\windows\system32\dllcache\advpack.dll - 2007-07-30 23:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll + 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll - 2008-03-01 12:58:06 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll + 2008-10-16 20:18:31 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll - 2008-03-01 12:58:06 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-10-16 20:18:31 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-07-07 20:31:48 253,952 -c----w c:\windows\system32\dllcache\es.dll - 2008-03-01 12:58:06 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll + 2008-10-16 20:18:31 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll - 2008-02-20 06:51:00 282,624 -c----w c:\windows\system32\dllcache\gdi32.dll + 2008-10-23 13:00:15 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll - 2008-03-01 12:58:06 63,488 -c----w c:\windows\system32\dllcache\icardie.dll + 2008-10-16 20:18:32 63,488 -c----w c:\windows\system32\dllcache\icardie.dll - 2008-02-29 08:56:41 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe + 2008-10-16 13:12:20 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe - 2008-03-01 12:58:06 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll + 2008-10-16 20:18:32 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll - 2008-03-01 12:58:06 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll + 2008-10-16 20:18:32 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll - 2008-02-15 05:44:25 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll + 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll - 2008-03-01 12:58:07 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll + 2008-10-16 20:18:32 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll - 2008-03-01 12:58:07 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll + 2008-10-16 20:18:32 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll - 2008-03-01 12:58:08 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll + 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll - 2008-03-01 12:58:08 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll + 2008-10-16 20:18:35 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll - 2008-03-01 12:58:08 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll + 2008-10-16 20:18:35 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll - 2008-02-22 10:00:51 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe + 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe - 2008-02-29 08:57:05 625,664 -c----w c:\windows\system32\dllcache\iexplore.exe + 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe - 2007-08-21 06:17:23 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll + 2008-04-11 18:51:06 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll - 2008-03-01 12:58:08 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll + 2008-10-16 20:18:36 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll - 2006-10-19 01:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe + 2008-06-18 06:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe + 2004-08-19 23:09:58 4,639 -c--a-w c:\windows\system32\dllcache\mplayer2.exe - 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys + 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys + 2008-06-24 16:23:56 74,240 -c----w c:\windows\system32\dllcache\mscms.dll - 2008-03-01 12:58:08 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll + 2008-10-16 20:18:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll - 2008-03-01 12:58:08 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll + 2008-10-16 20:18:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll - 2008-03-01 22:28:10 3,591,680 -c--a-w c:\windows\system32\dllcache\mshtml.dll + 2008-12-13 06:37:56 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll - 2008-03-01 12:58:09 478,208 -c--a-w c:\windows\system32\dllcache\mshtmled.dll + 2008-10-16 20:18:40 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll - 2008-03-01 12:58:10 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll + 2008-10-16 20:18:40 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll - 2008-03-01 12:58:10 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll + 2008-10-16 20:18:41 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll - 2007-06-26 06:09:14 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll + 2008-09-04 16:45:11 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll - 2006-08-17 12:29:49 332,288 -c----w c:\windows\system32\dllcache\netapi32.dll + 2008-10-15 16:59:28 332,800 -c----w c:\windows\system32\dllcache\netapi32.dll - 2007-02-28 16:02:21 2,138,112 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe + 2008-08-14 13:44:35 2,138,112 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe - 2007-02-28 16:02:36 2,059,648 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe + 2008-08-14 13:44:39 2,059,776 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe - 2007-02-28 16:02:21 2,017,792 -c----w c:\windows\system32\dllcache\ntkrpamp.exe + 2008-08-14 13:44:33 2,017,792 -c----w c:\windows\system32\dllcache\ntkrpamp.exe - 2007-02-28 16:02:36 2,182,400 -c----w c:\windows\system32\dllcache\ntoskrnl.exe + 2008-08-14 13:44:37 2,182,400 -c----w c:\windows\system32\dllcache\ntoskrnl.exe - 2008-03-01 12:58:10 102,912 -c----w c:\windows\system32\dllcache\occache.dll + 2008-10-16 20:18:41 102,912 -c----w c:\windows\system32\dllcache\occache.dll - 2008-03-01 12:58:10 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-10-16 20:18:41 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll - 2007-10-29 22:43:32 1,293,824 -c----w c:\windows\system32\dllcache\quartz.dll + 2008-05-07 05:15:36 1,293,824 -c----w c:\windows\system32\dllcache\quartz.dll - 2006-07-13 08:48:58 202,240 -c--a-w c:\windows\system32\dllcache\rmcast.sys + 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys - 2006-08-14 10:34:41 332,928 -c----w c:\windows\system32\dllcache\srv.sys + 2008-08-28 10:04:17 333,056 -c----w c:\windows\system32\dllcache\srv.sys - 2006-08-24 18:19:40 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll + 2008-10-03 10:17:02 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll - 2008-03-01 12:58:10 105,984 -c----w c:\windows\system32\dllcache\url.dll + 2008-10-16 20:18:41 105,984 -c----w c:\windows\system32\dllcache\url.dll - 2008-03-01 12:58:10 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll + 2008-10-16 20:18:42 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll - 2008-03-01 12:58:11 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll + 2008-10-16 20:18:42 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll - 2008-03-20 08:09:22 1,845,376 -c----w c:\windows\system32\dllcache\win32k.sys + 2008-09-15 15:39:16 1,846,144 -c----w c:\windows\system32\dllcache\win32k.sys - 2008-03-01 12:58:11 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll + 2008-10-16 20:18:43 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll - 2006-10-19 02:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll + 2008-06-18 10:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll - 2006-10-19 02:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll + 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll - 2007-07-30 23:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll + 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll - 2007-07-30 23:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe + 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe - 2007-07-30 23:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll + 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll - 2007-07-30 23:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll + 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll - 2007-07-30 23:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll + 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll - 2007-07-30 23:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll + 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll - 2004-08-04 06:14:14 138,496 ----a-w c:\windows\system32\drivers\afd.sys + 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys - 2004-08-19 22:55:31 274,944 ------w c:\windows\system32\drivers\bthport.sys + 2008-06-14 17:59:52 272,768 ------w c:\windows\system32\drivers\bthport.sys - 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys + 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys - 2006-07-13 08:48:58 202,240 ----a-w c:\windows\system32\drivers\rmcast.sys + 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys - 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys + 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys - 2008-03-01 12:58:06 347,136 ----a-w c:\windows\system32\dxtmsft.dll + 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dxtmsft.dll - 2008-03-01 12:58:06 214,528 ----a-w c:\windows\system32\dxtrans.dll + 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dxtrans.dll - 2005-07-26 04:39:57 243,200 ----a-w c:\windows\system32\es.dll + 2008-07-07 20:31:48 253,952 ----a-w c:\windows\system32\es.dll - 2008-03-01 12:58:06 133,120 ----a-w c:\windows\system32\extmgr.dll + 2008-10-16 20:18:31 133,120 ----a-w c:\windows\system32\extmgr.dll - 2008-04-09 07:11:33 118,952 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-01-09 08:21:34 118,952 ----a-w c:\windows\system32\FNTCACHE.DAT - 2008-02-20 06:51:00 282,624 ----a-w c:\windows\system32\gdi32.dll + 2008-10-23 13:00:15 283,648 ----a-w c:\windows\system32\gdi32.dll - 2008-03-01 12:58:06 63,488 ----a-w c:\windows\system32\icardie.dll + 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll - 2008-02-29 08:56:41 70,656 ----a-w c:\windows\system32\ie4uinit.exe + 2008-10-16 13:12:20 70,656 ----a-w c:\windows\system32\ie4uinit.exe - 2008-03-01 12:58:06 153,088 ----a-w c:\windows\system32\ieakeng.dll + 2008-10-16 20:18:32 153,088 ----a-w c:\windows\system32\ieakeng.dll - 2008-03-01 12:58:06 230,400 ----a-w c:\windows\system32\ieaksie.dll + 2008-10-16 20:18:32 230,400 ----a-w c:\windows\system32\ieaksie.dll - 2008-02-15 05:44:25 161,792 ----a-w c:\windows\system32\ieakui.dll + 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll - 2008-03-01 12:58:07 383,488 ----a-w c:\windows\system32\ieapfltr.dll + 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2008-03-01 12:58:07 384,512 ----a-w c:\windows\system32\iedkcs32.dll + 2008-10-16 20:18:32 384,512 ----a-w c:\windows\system32\iedkcs32.dll - 2008-03-01 12:58:08 6,066,176 ----a-w c:\windows\system32\ieframe.dll + 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll - 2008-03-01 12:58:08 44,544 ----a-w c:\windows\system32\iernonce.dll + 2008-10-16 20:18:35 44,544 ----a-w c:\windows\system32\iernonce.dll - 2008-03-01 12:58:08 267,776 ----a-w c:\windows\system32\iertutil.dll + 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll - 2008-02-22 10:00:51 13,824 ----a-w c:\windows\system32\ieudinit.exe + 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe - 2007-08-21 06:17:23 683,520 ----a-w c:\windows\system32\inetcomm.dll + 2008-04-11 18:51:06 683,520 ----a-w c:\windows\system32\inetcomm.dll - 2008-03-01 12:58:08 27,648 ----a-w c:\windows\system32\jsproxy.dll + 2008-10-16 20:18:36 27,648 ----a-w c:\windows\system32\jsproxy.dll - 2006-10-19 01:03:58 100,864 ----a-w c:\windows\system32\logagent.exe + 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe - 2005-06-29 01:49:41 74,240 ----a-w c:\windows\system32\mscms.dll + 2008-06-24 16:23:56 74,240 ----a-w c:\windows\system32\mscms.dll - 2008-03-01 12:58:08 459,264 ----a-w c:\windows\system32\msfeeds.dll + 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll - 2008-03-01 12:58:08 52,224 ----a-w c:\windows\system32\msfeedsbs.dll + 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll - 2008-03-01 22:28:10 3,591,680 ----a-w c:\windows\system32\mshtml.dll + 2008-12-13 06:37:56 3,593,216 ----a-w c:\windows\system32\mshtml.dll - 2008-03-01 12:58:09 478,208 ----a-w c:\windows\system32\mshtmled.dll + 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\mshtmled.dll - 2008-03-01 12:58:10 193,024 ----a-w c:\windows\system32\msrating.dll + 2008-10-16 20:18:40 193,024 ----a-w c:\windows\system32\msrating.dll - 2008-03-01 12:58:10 671,232 ----a-w c:\windows\system32\mstime.dll + 2008-10-16 20:18:41 671,232 ----a-w c:\windows\system32\mstime.dll - 2007-06-26 06:09:14 1,104,896 ----a-w c:\windows\system32\msxml3.dll + 2008-09-04 16:45:11 1,106,944 ----a-w c:\windows\system32\msxml3.dll - 2007-07-30 23:19:10 271,224 ----a-w c:\windows\system32\mucltui.dll + 2008-10-16 19:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll - 2007-07-30 23:19:04 207,736 ----a-w c:\windows\system32\muweb.dll + 2008-10-16 19:06:48 208,744 ----a-w c:\windows\system32\muweb.dll - 2006-08-17 12:29:49 332,288 ----a-w c:\windows\system32\netapi32.dll + 2008-10-15 16:59:28 332,800 ----a-w c:\windows\system32\netapi32.dll - 2007-02-28 16:02:36 2,059,648 ----a-w c:\windows\system32\ntkrnlpa.exe + 2008-08-14 13:44:39 2,059,776 ----a-w c:\windows\system32\ntkrnlpa.exe - 2007-02-28 16:02:36 2,182,400 ----a-w c:\windows\system32\ntoskrnl.exe + 2008-08-14 13:44:37 2,182,400 ----a-w c:\windows\system32\ntoskrnl.exe - 2008-03-01 12:58:10 102,912 ----a-w c:\windows\system32\occache.dll + 2008-10-16 20:18:41 102,912 ----a-w c:\windows\system32\occache.dll - 2008-03-01 12:58:10 44,544 ----a-w c:\windows\system32\pngfilt.dll + 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\pngfilt.dll - 2007-10-29 22:43:32 1,293,824 ----a-w c:\windows\system32\quartz.dll + 2008-05-07 05:15:36 1,293,824 ----a-w c:\windows\system32\quartz.dll + 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll + 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll - 2006-12-10 19:10:04 15,664 ------w c:\windows\system32\spmsg.dll + 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll - 2006-08-24 18:19:40 246,814 ----a-w c:\windows\system32\strmdll.dll + 2008-10-03 10:17:02 247,326 ----a-w c:\windows\system32\strmdll.dll - 2007-11-13 11:31:11 60,416 ------w c:\windows\system32\tzchange.exe + 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe - 2008-03-01 12:58:10 105,984 ----a-w c:\windows\system32\url.dll + 2008-10-16 20:18:41 105,984 ----a-w c:\windows\system32\url.dll - 2008-03-01 12:58:10 1,159,680 ----a-w c:\windows\system32\urlmon.dll + 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\urlmon.dll - 2008-03-01 12:58:11 233,472 ----a-w c:\windows\system32\webcheck.dll + 2008-10-16 20:18:42 233,472 ----a-w c:\windows\system32\webcheck.dll - 2008-03-20 08:09:22 1,845,376 ----a-w c:\windows\system32\win32k.sys + 2008-09-15 15:39:16 1,846,144 ----a-w c:\windows\system32\win32k.sys - 2008-03-01 12:58:11 826,368 ----a-w c:\windows\system32\wininet.dll + 2008-10-16 20:18:43 826,368 ----a-w c:\windows\system32\wininet.dll - 2006-10-19 02:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll + 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll - 2006-10-19 02:47:20 295,936 ------w c:\windows\system32\wmpeffects.dll + 2008-06-24 23:12:58 295,936 ------w c:\windows\system32\wmpeffects.dll - 2006-10-19 02:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll + 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll - 2007-07-30 23:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll + 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll - 2007-07-30 23:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe + 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe - 2007-07-30 23:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll + 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll - 2007-07-30 23:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll + 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll - 2007-07-30 23:18:40 33,624 ----a-w c:\windows\system32\wups.dll + 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\wups.dll - 2007-07-30 23:19:12 43,352 ----a-w c:\windows\system32\wups2.dll + 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\wups2.dll - 2007-07-30 23:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll + 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll + 2008-04-15 17:56:59 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-19 949376] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "iRiver Updater"="\Updater.exe" [2004-07-01 212992] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064] "D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2007-11-12 1662976] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-07-17 118784] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] --a------ 2002-12-10 17:32 155648 c:\program files\Logitech\ImageStudio\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray] --a------ 2002-12-10 17:31 61440 c:\program files\Logitech\ImageStudio\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 05:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] --a------ 2003-03-20 13:21 1855488 c:\windows\mixer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\StubInstaller.exe"= R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-03-19 15424] R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2008-12-28 377920] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2009-01-01 352338] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\LaunchU3.exe -a . Contenu du dossier 'Tâches planifiées' 2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.ca/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE: &Search LSP: c:\windows\system32\imon.dll TCP: {91091312-7BF4-4BFF-BD82-6671CF23A2FB} = 192.168.0.1 TCP: {ED41E75A-E816-42FB-872D-6983320D34F4} = 4.2.2.2,4.2.2.3 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-10 21:45:04 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(964) c:\windows\system32\imon.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\ESET\nod32krn.exe c:\windows\system32\WgaTray.exe C:\Updater.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Heure de fin: 2009-01-10 21:54:30 - La machine a redémarré [Chan] ComboFix-quarantined-files.txt 2009-01-11 02:53:53 ComboFix2.txt 2009-01-08 23:24:55 ComboFix3.txt 2009-01-08 18:37:05 Avant-CF: 3,314,094,080 octets libres Après-CF: 3,318,185,984 octets libres 558 --- E O F --- 2009-01-09 08:14:29
  18. Moi qui vient de renouveller ma license de NOD32, je suis déçu d'entendre ça ! Je croyais que NOD32 était le top du top. Tu me suggères donc de télécharger antivir ou d'utiliser seulement kaspersky?
  19. D'accord ! Quel est l'avantage de NOD32 face aux antivirus gratuits (comme ANTIVIR ou Kaspersky) ? Est-ce que je fais bien de payer environ 40-50$ par année pour cet antivirus ou ANTIVIR est équivalent ? Merci ! ( Je télécharge le script et je te reviens avec les rapports ).
  20. Salut ! J'ai un peu tardé, j'étais absent quelques jours. Le script de Combofix n'est plus disponible sur le site d'upload, tu peux me le renvoyer svp ? Aussi, j'ai NOD32 sur mon ordinateur. Préféres-tu que je fasse un scan avec NOD32 ou toujours Kaspersky ? Merci !
  21. Voici le rapport de Malwarebytes : De quoi était infecté la machine? Est-ce que tout est réglé? Y a t-il un moyen d'être sûr à 100% de la propreté de l'ordinateur ? --------------------------- Malwarebytes' Anti-Malware 1.32 Version de la base de données: 1632 Windows 5.1.2600 Service Pack 2 2009-01-08 19:16:39 mbam-log-2009-01-08 (19-16-39).txt Type de recherche: Examen rapide Eléments examinés: 48546 Temps écoulé: 16 minute(s), 50 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 100 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Documents and Settings\Chan\Menu Démarrer\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Documents and Settings\Chan\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Documents and Settings\Chan\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
  22. Voici le second rapport de Combofix : ComboFix 09-01-08.01 - Chan 2009-01-08 18:05:14.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.685 [GMT -5:00] Lancé depuis: c:\documents and settings\Chan\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Chan\Bureau\CFScript.txt * Un nouveau point de restauration a été créé * Resident AV is active AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: c:\documents and settings\Chan\Application Data\internaldb1942.dat c:\documents and settings\Chan\Application Data\internaldb1952.dat c:\documents and settings\Chan\Application Data\internaldb2391.dat c:\documents and settings\Chan\Application Data\internaldb41.dat c:\documents and settings\Chan\Application Data\internaldb4808.dat c:\documents and settings\Chan\Application Data\internaldb4827.dat c:\documents and settings\Chan\Application Data\internaldb5436.dat c:\documents and settings\Chan\Application Data\internaldb6334.dat c:\documents and settings\Chan\Application Data\internaldb70.dat c:\documents and settings\Chan\Application Data\internaldb7573.dat c:\documents and settings\Chan\Application Data\internaldb8467.dat c:\windows\ezowoj.dll c:\windows\system32\akmboqem.ini c:\windows\system32\alrinkom.ini c:\windows\system32\avcogqgd.ini c:\windows\system32\bdcjgcpe.ini c:\windows\system32\bmwrwcel.ini c:\windows\system32\bxirkrye.ini c:\windows\system32\cciaacnc.ini c:\windows\system32\dqlycbhf.ini c:\windows\system32\dsvvlqey.ini c:\windows\system32\ebcdombk.ini c:\windows\system32\ecfejmkx.ini c:\windows\system32\eofoldtu.ini c:\windows\system32\exixrsey.ini c:\windows\system32\ezowoj.dll c:\windows\system32\fgejmtbd.ini c:\windows\system32\fgsmhmdf.ini c:\windows\system32\foxeyvwd.ini c:\windows\system32\frcbxxgr.ini c:\windows\system32\gblqxaok.ini c:\windows\system32\gfreeaqp.ini c:\windows\system32\giwirnbo.ini c:\windows\system32\gpfybnyl.ini c:\windows\system32\gwktqjyt.ini c:\windows\system32\hkarlusk.ini c:\windows\system32\icahbvyy.ini c:\windows\system32\icuvnfnv.ini c:\windows\system32\iepibydv.ini c:\windows\system32\inwqdhoi.ini c:\windows\system32\iqypwhtn.ini c:\windows\system32\iqypwhtn.tmp c:\windows\system32\iroalfwn.ini c:\windows\system32\jvhlkmhl.ini c:\windows\system32\jwqetahy.ini c:\windows\system32\khtsglui.ini c:\windows\system32\klqucxud.ini c:\windows\system32\knkitkvb.ini c:\windows\system32\knwsnaxw.ini c:\windows\system32\ktoareey.ini c:\windows\system32\lxyxqrmo.ini c:\windows\system32\mbjyalsm.ini c:\windows\system32\moidisfd.ini c:\windows\system32\mwjhcnih.ini c:\windows\system32\mwmjvhhb.ini c:\windows\system32\mywiuyro.ini c:\windows\system32\nahpenjy.ini c:\windows\system32\ngioccaj.ini c:\windows\system32\nnnnLETm.dll c:\windows\system32\nrpjqvja.ini c:\windows\system32\ocksrhol.ini c:\windows\system32\oljwgmxu.ini c:\windows\system32\pjacwgpb.ini c:\windows\system32\plolgpyq.ini c:\windows\system32\preeqgej.ini c:\windows\system32\ptvawift.ini c:\windows\system32\qavxfesg.ini c:\windows\system32\qesfwjoc.ini c:\windows\system32\qiptwrbx.ini c:\windows\system32\qsnawuol.ini c:\windows\system32\qspgdqpl.ini c:\windows\system32\quiijcxv.ini c:\windows\system32\rhgxtbrg.ini c:\windows\system32\rjnsyaji.ini c:\windows\system32\rlrvlxbg.ini c:\windows\system32\rommteug.ini c:\windows\system32\rrdlejcc.ini c:\windows\system32\rujjkcsu.ini c:\windows\system32\safvvbcq.ini c:\windows\system32\sfgfrlom.ini c:\windows\system32\sgswnraa.ini c:\windows\system32\spjaceoh.ini c:\windows\system32\swlwdgos.ini c:\windows\system32\sylrgdji.ini c:\windows\system32\tgfgmlch.ini c:\windows\system32\tnebjpih.ini c:\windows\system32\ufmacrrh.ini c:\windows\system32\ugaaicnb.ini c:\windows\system32\ujpenoyq.ini c:\windows\system32\uptoqsiq.ini c:\windows\system32\vaohkehj.ini c:\windows\system32\vhimeiiv.ini c:\windows\system32\vijmsltv.ini c:\windows\system32\vliksdob.ini c:\windows\system32\vlpedpsa.ini c:\windows\system32\vnuktdch.ini c:\windows\system32\vyoceuoc.ini c:\windows\system32\wbqcytis.ini c:\windows\system32\wiavhblo.ini c:\windows\system32\wuvsygvq.ini c:\windows\system32\wwfppfep.ini c:\windows\system32\xbwuqlgb.ini c:\windows\system32\xsssgyfy.ini c:\windows\system32\xyvrjwca.ini c:\windows\system32\ybkjbwff.ini c:\windows\system32\ydvydjrp.ini c:\windows\system32\ymnbcyxn.ini c:\windows\system32\yogcdfqd.ini c:\windows\system32\yufbpadu.ini . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Chan\Application Data\internaldb1942.dat c:\documents and settings\Chan\Application Data\internaldb1952.dat c:\documents and settings\Chan\Application Data\internaldb2391.dat c:\documents and settings\Chan\Application Data\internaldb41.dat c:\documents and settings\Chan\Application Data\internaldb4808.dat c:\documents and settings\Chan\Application Data\internaldb4827.dat c:\documents and settings\Chan\Application Data\internaldb5436.dat c:\documents and settings\Chan\Application Data\internaldb6334.dat c:\documents and settings\Chan\Application Data\internaldb70.dat c:\documents and settings\Chan\Application Data\internaldb7573.dat c:\documents and settings\Chan\Application Data\internaldb8467.dat c:\windows\system32\akmboqem.ini c:\windows\system32\alrinkom.ini c:\windows\system32\avcogqgd.ini c:\windows\system32\bdcjgcpe.ini c:\windows\system32\bmwrwcel.ini c:\windows\system32\bxirkrye.ini c:\windows\system32\cciaacnc.ini c:\windows\system32\dqlycbhf.ini c:\windows\system32\dsvvlqey.ini c:\windows\system32\ebcdombk.ini c:\windows\system32\ecfejmkx.ini c:\windows\system32\eofoldtu.ini c:\windows\system32\exixrsey.ini c:\windows\system32\fgejmtbd.ini c:\windows\system32\fgsmhmdf.ini c:\windows\system32\foxeyvwd.ini c:\windows\system32\frcbxxgr.ini c:\windows\system32\gblqxaok.ini c:\windows\system32\gfreeaqp.ini c:\windows\system32\giwirnbo.ini c:\windows\system32\gpfybnyl.ini c:\windows\system32\gwktqjyt.ini c:\windows\system32\hkarlusk.ini c:\windows\system32\icahbvyy.ini c:\windows\system32\icuvnfnv.ini c:\windows\system32\iepibydv.ini c:\windows\system32\inwqdhoi.ini c:\windows\system32\iqypwhtn.ini c:\windows\system32\iqypwhtn.tmp c:\windows\system32\iroalfwn.ini c:\windows\system32\jvhlkmhl.ini c:\windows\system32\jwqetahy.ini c:\windows\system32\khtsglui.ini c:\windows\system32\klqucxud.ini c:\windows\system32\knkitkvb.ini c:\windows\system32\knwsnaxw.ini c:\windows\system32\ktoareey.ini c:\windows\system32\lxyxqrmo.ini c:\windows\system32\mbjyalsm.ini c:\windows\system32\moidisfd.ini c:\windows\system32\mwjhcnih.ini c:\windows\system32\mwmjvhhb.ini c:\windows\system32\mywiuyro.ini c:\windows\system32\nahpenjy.ini c:\windows\system32\ngioccaj.ini c:\windows\system32\nnnnLETm.dll c:\windows\system32\nrpjqvja.ini c:\windows\system32\ocksrhol.ini c:\windows\system32\oljwgmxu.ini c:\windows\system32\pjacwgpb.ini c:\windows\system32\plolgpyq.ini c:\windows\system32\preeqgej.ini c:\windows\system32\ptvawift.ini c:\windows\system32\qavxfesg.ini c:\windows\system32\qesfwjoc.ini c:\windows\system32\qiptwrbx.ini c:\windows\system32\qsnawuol.ini c:\windows\system32\qspgdqpl.ini c:\windows\system32\quiijcxv.ini c:\windows\system32\rhgxtbrg.ini c:\windows\system32\rjnsyaji.ini c:\windows\system32\rlrvlxbg.ini c:\windows\system32\rommteug.ini c:\windows\system32\rrdlejcc.ini c:\windows\system32\rujjkcsu.ini c:\windows\system32\safvvbcq.ini c:\windows\system32\sfgfrlom.ini c:\windows\system32\sgswnraa.ini c:\windows\system32\spjaceoh.ini c:\windows\system32\swlwdgos.ini c:\windows\system32\sylrgdji.ini c:\windows\system32\tgfgmlch.ini c:\windows\system32\tnebjpih.ini c:\windows\system32\ufmacrrh.ini c:\windows\system32\ugaaicnb.ini c:\windows\system32\ujpenoyq.ini c:\windows\system32\uptoqsiq.ini c:\windows\system32\vaohkehj.ini c:\windows\system32\vhimeiiv.ini c:\windows\system32\vijmsltv.ini c:\windows\system32\vliksdob.ini c:\windows\system32\vlpedpsa.ini c:\windows\system32\vnuktdch.ini c:\windows\system32\vyoceuoc.ini c:\windows\system32\wbqcytis.ini c:\windows\system32\wiavhblo.ini c:\windows\system32\wuvsygvq.ini c:\windows\system32\wwfppfep.ini c:\windows\system32\xbwuqlgb.ini c:\windows\system32\xsssgyfy.ini c:\windows\system32\xyvrjwca.ini c:\windows\system32\ybkjbwff.ini c:\windows\system32\ydvydjrp.ini c:\windows\system32\ymnbcyxn.ini c:\windows\system32\yogcdfqd.ini c:\windows\system32\yufbpadu.ini . ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-08 au 2009-01-08 )))))))))))))))))))))))))))))))))))) . 2009-01-04 18:19 . 2009-01-04 18:19 <REP> d-------- C:\rsit 2009-01-04 18:19 . 2009-01-04 18:19 <REP> d-------- c:\program files\trend micro 2009-01-01 14:15 . 2009-01-08 18:15 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{ED41E75A-E816-42FB-872D-6983320D34F4} 2009-01-01 14:11 . 2007-08-21 09:25 374 --------- c:\windows\system32\DWLAB.dat 2009-01-01 14:10 . 2005-10-19 18:19 1,327,189 --a------ c:\windows\system32\odSupp_M.dll 2009-01-01 14:10 . 2007-09-05 18:13 679,936 --a------ c:\windows\system32\ANIWZCS2.dll 2009-01-01 14:10 . 2007-08-14 13:26 262,144 --a------ c:\windows\system32\wnicapi.dll 2009-01-01 14:10 . 2007-08-20 17:41 233,472 --a------ c:\windows\system32\WlanApp.dll 2009-01-01 14:10 . 2007-05-12 13:33 217,088 --a------ c:\windows\system32\aIPH.dll 2009-01-01 14:10 . 2005-10-27 08:55 49,152 --a------ c:\windows\system32\JJAKEn.dll 2009-01-01 14:10 . 2005-10-19 18:19 49,152 --a------ c:\windows\system32\AQCKGen.dll 2009-01-01 14:10 . 2006-09-26 13:49 45,115 --a------ c:\windows\system32\ANICtl.dll 2009-01-01 14:09 . 2009-01-01 14:10 <REP> d-------- c:\program files\ANI 2009-01-01 14:09 . 2007-09-21 00:23 405,583 --a------ c:\windows\system32\jswscsup.dll 2009-01-01 14:09 . 2007-07-06 17:30 57,376 --a------ c:\windows\system32\jswscimd.sys 2009-01-01 14:09 . 2007-07-06 17:30 57,376 --a------ c:\windows\system32\drivers\jswscimd.sys 2009-01-01 14:09 . 2005-12-13 10:38 48,128 --a------ c:\windows\system32\ANIO64.sys 2009-01-01 14:09 . 2005-10-21 15:56 36,864 --a------ c:\windows\system32\ANIOApi.dll 2009-01-01 14:09 . 2005-12-11 11:55 28,195 --a------ c:\windows\system32\ANIO.sys 2009-01-01 14:09 . 2004-10-14 10:29 16,997 --a------ c:\windows\system32\ANIO.VXD 2009-01-01 14:09 . 2007-07-28 18:07 12,564 --a------ c:\windows\system32\jswscimdp.cat 2009-01-01 14:09 . 2007-07-28 18:07 12,135 --a------ c:\windows\system32\jswscimd.cat 2009-01-01 14:09 . 2004-10-14 10:29 11,904 --a------ c:\windows\system32\anio4.sys 2009-01-01 14:09 . 2007-07-06 17:30 5,529 --a------ c:\windows\system32\jswscimdp.inf 2009-01-01 14:09 . 2007-07-06 17:30 2,231 --a------ c:\windows\system32\jswscimd.inf 2009-01-01 14:08 . 2009-01-01 14:08 <REP> d-------- c:\program files\D-Link 2009-01-01 14:08 . 2009-01-01 14:08 <REP> d-------- c:\documents and settings\Chan\Application Data\InstallShield 2008-12-31 16:44 . 2008-12-31 16:48 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{03642EFD-0647-4CB5-9ED8-24C18AA40049} 2008-12-30 12:48 . 2008-12-30 12:48 <REP> d-------- c:\documents and settings\Chan\Application Data\MSN6 2008-12-30 12:48 . 2008-12-30 12:48 <REP> d-------- c:\documents and settings\All Users\Application Data\MSN6 2008-12-29 23:28 . 2008-12-29 23:28 120 ---hs---- c:\windows\system32\fugahphu.ini 2008-12-29 23:25 . 2008-12-29 23:25 120 ---hs---- c:\windows\system32\wqnvrvap.ini 2008-12-29 22:25 . 2008-12-29 22:26 120 ---hs---- c:\windows\system32\gcdrjtet.ini 2008-12-29 22:22 . 2008-12-29 22:22 120 ---hs---- c:\windows\system32\bsdfmktu.ini 2008-12-29 22:19 . 2008-12-29 22:20 120 ---hs---- c:\windows\system32\kyabqbas.ini 2008-12-29 21:19 . 2008-12-29 21:19 120 ---hs---- c:\windows\system32\yvpaujmy.ini 2008-12-29 21:16 . 2008-12-29 21:17 120 ---hs---- c:\windows\system32\jcavdqql.ini 2008-12-29 20:16 . 2008-12-29 20:17 120 ---hs---- c:\windows\system32\frydfjhn.ini 2008-12-29 20:13 . 2008-12-29 20:14 120 ---hs---- c:\windows\system32\cgmkulxd.ini 2008-12-29 19:13 . 2008-12-29 19:13 120 ---hs---- c:\windows\system32\xfdjrbsn.ini 2008-12-29 19:10 . 2008-12-29 19:10 120 ---hs---- c:\windows\system32\ispibjcw.ini 2008-12-29 19:07 . 2008-12-29 19:08 120 ---hs---- c:\windows\system32\rkmxphmk.ini 2008-12-29 18:53 . 2008-12-29 18:53 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{A9918488-0286-4AD9-8194-B0FB6E8C7648} 2008-12-29 18:20 . 2008-12-29 18:23 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{0E24014B-1727-4E93-9118-16741632034C} 2008-12-29 17:30 . 2008-12-29 17:44 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{E085B21D-18BD-4F94-9E81-C0240CED9893} 2008-12-28 10:35 . 2008-12-28 10:35 120 ---hs---- c:\windows\system32\fokkkbph.ini 2008-12-28 10:29 . 2008-12-28 10:29 120 ---hs---- c:\windows\system32\ywccjcvw.ini 2008-12-28 09:29 . 2008-12-28 09:29 120 ---hs---- c:\windows\system32\djehsldx.ini 2008-12-28 09:23 . 2008-12-28 09:23 120 ---hs---- c:\windows\system32\elkyrpfs.ini 2008-12-28 08:23 . 2008-12-28 08:23 120 ---hs---- c:\windows\system32\gkxddrlb.ini 2008-12-28 08:20 . 2008-12-28 08:20 120 ---hs---- c:\windows\system32\gfctvcwo.ini 2008-12-28 07:23 . 2008-12-28 07:23 120 ---hs---- c:\windows\system32\hafcddwd.ini 2008-12-28 07:17 . 2008-12-28 07:17 120 ---hs---- c:\windows\system32\mvndixfu.ini 2008-12-28 06:17 . 2008-12-28 06:17 120 ---hs---- c:\windows\system32\sihmkhjx.ini 2008-12-28 06:11 . 2008-12-28 06:11 120 ---hs---- c:\windows\system32\qfubwamb.ini 2008-12-28 05:14 . 2008-12-28 05:14 120 ---hs---- c:\windows\system32\kgdslgbn.ini 2008-12-28 05:08 . 2008-12-28 05:08 120 ---hs---- c:\windows\system32\yfyaypyw.ini 2008-12-28 05:05 . 2008-12-28 05:05 120 ---hs---- c:\windows\system32\xwouonke.ini 2008-12-28 04:05 . 2008-12-28 04:05 120 ---hs---- c:\windows\system32\rwpgmpdj.ini 2008-12-28 03:05 . 2008-12-28 03:05 120 ---hs---- c:\windows\system32\yptmvthj.ini 2008-12-28 02:59 . 2008-12-28 02:59 120 ---hs---- c:\windows\system32\panvhemx.ini 2008-12-28 01:59 . 2008-12-28 01:59 120 ---hs---- c:\windows\system32\gynmgcsq.ini 2008-12-28 01:56 . 2008-12-28 01:56 120 ---hs---- c:\windows\system32\fwwbcbrv.ini 2008-12-28 01:53 . 2008-12-28 01:53 120 ---hs---- c:\windows\system32\isfymvtd.ini 2008-12-28 01:29 . 2009-01-08 18:15 7 --a------ c:\windows\system32\ANIWZCSUSERNAME 2008-12-28 01:09 . 2008-12-28 01:10 <REP> d-------- c:\documents and settings\Chan\Application Data\U3 2008-12-28 00:58 . 2008-12-28 02:12 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{2B376CA3-3B96-48E2-B873-27190B23F827} 2008-12-28 00:53 . 2007-06-06 09:40 377,920 -ra------ c:\windows\system32\drivers\A5AGU.sys 2008-12-28 00:53 . 2007-05-31 17:13 155,536 -ra------ c:\windows\system32\drivers\ar5523.bin 2008-12-28 00:53 . 2005-05-05 16:04 24,576 -ra------ c:\windows\system32\DWLInst.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-01 19:10 --------- d--h--w c:\program files\InstallShield Installation Information . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\windows\system32\ANIWZCSUSERNAME{03642EFD-0647-4CB5-9ED8-24C18AA40049} ---- c:\windows\system32\ANIWZCSUSERNAME{03642EFD-0647-4CB5-9ED8-24C18AA40049}\ ---- Directory of c:\windows\system32\ANIWZCSUSERNAME{ED41E75A-E816-42FB-872D-6983320D34F4} ---- c:\windows\system32\ANIWZCSUSERNAME{ED41E75A-E816-42FB-872D-6983320D34F4}\ ((((((((((((((((((((((((((((( snapshot@2009-01-08_13.33.37.75 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-16 19:09:44 92,696 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\cdm.dll + 2008-10-16 19:12:20 561,688 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuapi.dll + 2008-10-16 19:09:44 51,224 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuauclt.exe + 2008-10-16 19:13:40 1,809,944 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuaueng.dll + 2008-10-16 19:12:22 323,608 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wucltui.dll + 2008-10-16 19:08:58 34,328 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wups.dll + 2008-10-16 19:09:44 43,544 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wups2.dll + 2008-10-16 19:13:40 202,776 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuweb.dll + 2008-10-16 19:06:48 268,648 ------w c:\windows\SoftwareDistribution\SelfUpdate\Registered\mucltui.dll + 2008-10-16 19:06:48 208,744 ------w c:\windows\SoftwareDistribution\SelfUpdate\Registered\muweb.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-19 949376] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "iRiver Updater"="\Updater.exe" [2004-07-01 212992] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064] "D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2007-11-12 1662976] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] --a------ 2002-12-10 17:32 155648 c:\program files\Logitech\ImageStudio\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray] --a------ 2002-12-10 17:31 61440 c:\program files\Logitech\ImageStudio\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 05:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] --a------ 2003-03-20 13:21 1855488 c:\windows\mixer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\StubInstaller.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-03-19 15424] R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2008-12-28 377920] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2009-01-01 352338] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\LaunchU3.exe -a . Contenu du dossier 'Tâches planifiées' 2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.a2articles.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm021YYCA LSP: c:\windows\system32\imon.dll TCP: {91091312-7BF4-4BFF-BD82-6671CF23A2FB} = 192.168.0.1 TCP: {ED41E75A-E816-42FB-872D-6983320D34F4} = 4.2.2.2,4.2.2.3 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-08 18:15:19 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\windows\TEMP\OLDFC.tmp 549720 bytes executable c:\windows\system32\wuauclt.exe.wusetup.356203.bak 53080 bytes executable c:\windows\system32\wuaueng.dll.wusetup.366765.bak 1712984 bytes executable ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(964) c:\windows\system32\imon.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\ESET\nod32krn.exe c:\windows\system32\WgaTray.exe C:\Updater.exe c:\windows\system32\wscntfy.exe c:\program files\Nikon\PictureProject\NkbMonitor.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Heure de fin: 2009-01-08 18:24:52 - La machine a redémarré ComboFix-quarantined-files.txt 2009-01-08 23:23:32 ComboFix2.txt 2009-01-08 18:37:05 Avant-CF: 4ÿ394ÿ229ÿ760 octets libres AprÞs-CF: 4,358,631,424 octets libres 421 --- E O F --- 2008-05-28 07:01:40
  23. Voici le rapport : ComboFix 09-01-08.01 - Chan 2009-01-08 13:06:16.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.532 [GMT -5:00] Lancé depuis: c:\documents and settings\Chan\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé * Resident AV is active AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Chan\LOCALS~1\Temp\tmp1.tmp c:\docume~1\Chan\LOCALS~1\Temp\tmp2.tmp c:\documents and settings\Chan\Application Data\FunWebProducts c:\documents and settings\Chan\Application Data\FunWebProducts\Data\Chan\avatar.dat c:\documents and settings\Chan\Application Data\FunWebProducts\Data\Chan\wffavs.dat c:\program files\Antivirus 2009 c:\program files\Antivirus 2009\av2009.exe c:\program files\FunWebProducts c:\program files\FunWebProducts\Shared\2AB96E0E.dat c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Cache\09E84288.bin c:\program files\MyWebSearch\bar\Cache\09E84595.bin c:\program files\MyWebSearch\bar\Cache\09E84622.bin c:\program files\MyWebSearch\bar\Cache\09E8476A c:\program files\MyWebSearch\bar\Cache\10ED8A2B c:\program files\MyWebSearch\bar\Cache\10ED8E32 c:\program files\MyWebSearch\bar\Cache\10ED94CA.bin c:\program files\MyWebSearch\bar\Cache\10ED95D3.bin c:\program files\MyWebSearch\bar\Cache\10ED9825.bin c:\program files\MyWebSearch\bar\Cache\10ED9DC3.bin c:\program files\MyWebSearch\bar\Cache\10ED9FE5.bin c:\program files\MyWebSearch\bar\Cache\10F99973.bin c:\program files\MyWebSearch\bar\Cache\10F99B38.bin c:\program files\MyWebSearch\bar\Cache\10F99BB5.bin c:\program files\MyWebSearch\bar\Cache\10F99CDE.bin c:\program files\MyWebSearch\bar\Cache\10F99F01.bin c:\program files\MyWebSearch\bar\Cache\4EB6B414 c:\program files\MyWebSearch\bar\Cache\files.ini c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\History\search2 c:\program files\MyWebSearch\bar\icons\CM.ICO c:\program files\MyWebSearch\bar\icons\MFC.ICO c:\program files\MyWebSearch\bar\icons\PSS.ICO c:\program files\MyWebSearch\bar\icons\SMILEY.ICO c:\program files\MyWebSearch\bar\icons\WB.ICO c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\program files\MyWebSearch\bar\Settings\setting2.htm c:\program files\MyWebSearch\bar\Settings\settings.dat c:\program files\Piolet Toolbar\v3.0.0.0\Piolet_Toolbar.dll c:\windows\system32\ezowoj.dll c:\windows\system32\fhbcylqd.dll c:\windows\system32\hcdtkunv.dll c:\windows\system32\hkguyq.dll c:\windows\system32\ieupdates.exe c:\windows\system32\ivyumfca.dll c:\windows\system32\klulajrg.dll c:\windows\system32\lecwrwmb.dll c:\windows\system32\tvGOonnn.ini c:\windows\system32\tvGOonnn.ini2 c:\windows\system32\txaoescc.dll c:\windows\system32\yrowww.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-08 au 2009-01-08 )))))))))))))))))))))))))))))))))))) . 2009-01-05 14:22 . 2009-01-07 14:23 1,356,108 ---hs---- c:\windows\system32\vnuktdch.ini 2009-01-05 14:22 . 2009-01-05 14:22 1,340,535 --a------ c:\windows\system32\iqypwhtn.tmp 2009-01-04 18:19 . 2009-01-04 18:19 <REP> d-------- C:\rsit 2009-01-04 18:19 . 2009-01-04 18:19 <REP> d-------- c:\program files\trend micro 2009-01-04 14:21 . 2009-01-05 14:22 1,340,499 ---hs---- c:\windows\system32\iqypwhtn.ini 2009-01-03 14:19 . 2009-01-04 14:20 1,340,499 ---hs---- c:\windows\system32\bmwrwcel.ini 2009-01-02 14:16 . 2009-01-03 14:16 1,340,499 ---hs---- c:\windows\system32\dqlycbhf.ini 2009-01-02 13:17 . 2009-01-02 13:17 120 ---hs---- c:\windows\system32\moidisfd.ini 2009-01-02 13:14 . 2009-01-02 13:14 120 ---hs---- c:\windows\system32\rujjkcsu.ini 2009-01-02 13:11 . 2009-01-02 13:11 120 ---hs---- c:\windows\system32\dsvvlqey.ini 2009-01-02 12:10 . 2009-01-02 12:11 120 ---hs---- c:\windows\system32\alrinkom.ini 2009-01-02 12:07 . 2009-01-02 12:08 120 ---hs---- c:\windows\system32\rrdlejcc.ini 2009-01-02 11:07 . 2009-01-02 11:08 120 ---hs---- c:\windows\system32\xyvrjwca.ini 2009-01-02 10:07 . 2009-01-02 10:07 120 ---hs---- c:\windows\system32\iroalfwn.ini 2009-01-02 10:01 . 2009-01-02 10:02 120 ---hs---- c:\windows\system32\bxirkrye.ini 2009-01-02 08:58 . 2009-01-02 08:58 120 ---hs---- c:\windows\system32\exixrsey.ini 2009-01-02 07:58 . 2009-01-02 07:59 120 ---hs---- c:\windows\system32\preeqgej.ini 2009-01-02 07:52 . 2009-01-02 07:53 120 ---hs---- c:\windows\system32\gblqxaok.ini 2009-01-02 06:49 . 2009-01-02 06:50 120 ---hs---- c:\windows\system32\ebcdombk.ini 2009-01-02 06:46 . 2009-01-02 06:47 120 ---hs---- c:\windows\system32\lxyxqrmo.ini 2009-01-02 05:49 . 2009-01-02 05:49 120 ---hs---- c:\windows\system32\mywiuyro.ini 2009-01-02 05:43 . 2009-01-02 05:43 120 ---hs---- c:\windows\system32\rlrvlxbg.ini 2009-01-02 04:43 . 2009-01-02 04:43 120 ---hs---- c:\windows\system32\ybkjbwff.ini 2009-01-02 04:40 . 2009-01-02 04:40 120 ---hs---- c:\windows\system32\rommteug.ini 2009-01-02 04:37 . 2009-01-02 04:37 120 ---hs---- c:\windows\system32\knkitkvb.ini 2009-01-02 03:37 . 2009-01-02 03:37 120 ---hs---- c:\windows\system32\qesfwjoc.ini 2009-01-02 02:34 . 2009-01-02 02:35 120 ---hs---- c:\windows\system32\ktoareey.ini 2009-01-02 02:31 . 2009-01-02 02:31 120 ---hs---- c:\windows\system32\sylrgdji.ini 2009-01-02 01:31 . 2009-01-02 01:32 120 ---hs---- c:\windows\system32\swlwdgos.ini 2009-01-02 01:28 . 2009-01-02 01:28 120 ---hs---- c:\windows\system32\fgsmhmdf.ini 2009-01-02 01:25 . 2009-01-02 01:26 120 ---hs---- c:\windows\system32\jwqetahy.ini 2009-01-02 00:25 . 2009-01-02 00:26 120 ---hs---- c:\windows\system32\gpfybnyl.ini 2009-01-01 23:22 . 2009-01-01 23:22 120 ---hs---- c:\windows\system32\mwjhcnih.ini 2009-01-01 23:16 . 2009-01-01 23:17 120 ---hs---- c:\windows\system32\vliksdob.ini 2009-01-01 22:19 . 2009-01-01 22:20 120 ---hs---- c:\windows\system32\qavxfesg.ini 2009-01-01 22:13 . 2009-01-01 22:14 120 ---hs---- c:\windows\system32\vaohkehj.ini 2009-01-01 21:13 . 2009-01-01 21:14 120 ---hs---- c:\windows\system32\sgswnraa.ini 2009-01-01 20:13 . 2009-01-01 20:13 120 ---hs---- c:\windows\system32\bdcjgcpe.ini 2009-01-01 20:07 . 2009-01-01 20:07 120 ---hs---- c:\windows\system32\icahbvyy.ini 2009-01-01 19:07 . 2009-01-01 19:08 120 ---hs---- c:\windows\system32\frcbxxgr.ini 2009-01-01 18:04 . 2009-01-01 18:05 120 ---hs---- c:\windows\system32\xsssgyfy.ini 2009-01-01 16:55 . 2009-01-01 16:56 120 ---hs---- c:\windows\system32\vlpedpsa.ini 2009-01-01 16:52 . 2009-01-01 16:53 120 ---hs---- c:\windows\system32\khtsglui.ini 2009-01-01 15:52 . 2009-01-01 15:53 120 ---hs---- c:\windows\system32\safvvbcq.ini 2009-01-01 15:49 . 2009-01-01 15:50 120 ---hs---- c:\windows\system32\nrpjqvja.ini 2009-01-01 14:49 . 2009-01-01 14:50 120 ---hs---- c:\windows\system32\uptoqsiq.ini 2009-01-01 14:46 . 2009-01-01 14:47 120 ---hs---- c:\windows\system32\hkarlusk.ini 2009-01-01 14:43 . 2009-01-01 14:43 120 ---hs---- c:\windows\system32\rjnsyaji.ini 2009-01-01 14:15 . 2009-01-08 13:26 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{ED41E75A-E816-42FB-872D-6983320D34F4} 2009-01-01 14:11 . 2007-08-21 09:25 374 --------- c:\windows\system32\DWLAB.dat 2009-01-01 14:10 . 2005-10-19 18:19 1,327,189 --a------ c:\windows\system32\odSupp_M.dll 2009-01-01 14:10 . 2007-09-05 18:13 679,936 --a------ c:\windows\system32\ANIWZCS2.dll 2009-01-01 14:10 . 2007-08-14 13:26 262,144 --a------ c:\windows\system32\wnicapi.dll 2009-01-01 14:10 . 2007-08-20 17:41 233,472 --a------ c:\windows\system32\WlanApp.dll 2009-01-01 14:10 . 2007-05-12 13:33 217,088 --a------ c:\windows\system32\aIPH.dll 2009-01-01 14:10 . 2005-10-27 08:55 49,152 --a------ c:\windows\system32\JJAKEn.dll 2009-01-01 14:10 . 2005-10-19 18:19 49,152 --a------ c:\windows\system32\AQCKGen.dll 2009-01-01 14:10 . 2006-09-26 13:49 45,115 --a------ c:\windows\system32\ANICtl.dll 2009-01-01 14:09 . 2009-01-01 14:10 <REP> d-------- c:\program files\ANI 2009-01-01 14:09 . 2007-09-21 00:23 405,583 --a------ c:\windows\system32\jswscsup.dll 2009-01-01 14:09 . 2007-07-06 17:30 57,376 --a------ c:\windows\system32\jswscimd.sys 2009-01-01 14:09 . 2007-07-06 17:30 57,376 --a------ c:\windows\system32\drivers\jswscimd.sys 2009-01-01 14:09 . 2005-12-13 10:38 48,128 --a------ c:\windows\system32\ANIO64.sys 2009-01-01 14:09 . 2005-10-21 15:56 36,864 --a------ c:\windows\system32\ANIOApi.dll 2009-01-01 14:09 . 2005-12-11 11:55 28,195 --a------ c:\windows\system32\ANIO.sys 2009-01-01 14:09 . 2004-10-14 10:29 16,997 --a------ c:\windows\system32\ANIO.VXD 2009-01-01 14:09 . 2007-07-28 18:07 12,564 --a------ c:\windows\system32\jswscimdp.cat 2009-01-01 14:09 . 2007-07-28 18:07 12,135 --a------ c:\windows\system32\jswscimd.cat 2009-01-01 14:09 . 2004-10-14 10:29 11,904 --a------ c:\windows\system32\anio4.sys 2009-01-01 14:09 . 2007-07-06 17:30 5,529 --a------ c:\windows\system32\jswscimdp.inf 2009-01-01 14:09 . 2007-07-06 17:30 2,231 --a------ c:\windows\system32\jswscimd.inf 2009-01-01 14:08 . 2009-01-01 14:08 <REP> d-------- c:\program files\D-Link 2009-01-01 14:08 . 2009-01-01 14:08 <REP> d-------- c:\documents and settings\Chan\Application Data\InstallShield 2009-01-01 13:43 . 2009-01-01 13:44 120 ---hs---- c:\windows\system32\tnebjpih.ini 2009-01-01 13:39 . 2009-01-01 13:39 120 ---hs---- c:\windows\system32\qspgdqpl.ini 2008-12-31 18:01 . 2008-12-31 18:01 120 ---hs---- c:\windows\system32\qsnawuol.ini 2008-12-31 16:53 . 2008-12-31 16:53 120 ---hs---- c:\windows\system32\giwirnbo.ini 2008-12-31 16:49 . 2008-12-31 16:50 120 ---hs---- c:\windows\system32\inwqdhoi.ini 2008-12-31 16:44 . 2008-12-31 16:48 5 --a------ c:\windows\system32\ANIWZCSUSERNAME{03642EFD-0647-4CB5-9ED8-24C18AA40049} 2008-12-31 14:46 . 2008-12-31 14:46 120 ---hs---- c:\windows\system32\iepibydv.ini 2008-12-31 14:43 . 2008-12-31 14:43 120 ---hs---- c:\windows\system32\ocksrhol.ini 2008-12-31 14:43 . 2008-12-31 14:43 120 ---hs---- c:\windows\system32\nahpenjy.ini 2008-12-30 17:40 . 2008-12-30 17:41 120 ---hs---- c:\windows\system32\ydvydjrp.ini 2008-12-30 17:37 . 2008-12-30 17:37 120 ---hs---- c:\windows\system32\qiptwrbx.ini 2008-12-30 16:37 . 2008-12-30 16:38 120 ---hs---- c:\windows\system32\icuvnfnv.ini 2008-12-30 16:34 . 2008-12-30 16:34 120 ---hs---- c:\windows\system32\jvhlkmhl.ini 2008-12-30 16:31 . 2008-12-30 16:32 120 ---hs---- c:\windows\system32\vijmsltv.ini 2008-12-30 15:31 . 2008-12-30 15:32 120 ---hs---- c:\windows\system32\klqucxud.ini 2008-12-30 15:28 . 2008-12-30 15:28 120 ---hs---- c:\windows\system32\fgejmtbd.ini 2008-12-30 14:28 . 2008-12-30 14:28 120 ---hs---- c:\windows\system32\ymnbcyxn.ini 2008-12-30 14:25 . 2008-12-30 14:25 120 ---hs---- c:\windows\system32\wwfppfep.ini 2008-12-30 14:22 . 2008-12-30 14:22 120 ---hs---- c:\windows\system32\vyoceuoc.ini 2008-12-30 13:22 . 2008-12-30 13:23 120 ---hs---- c:\windows\system32\wuvsygvq.ini 2008-12-30 13:19 . 2008-12-30 13:19 120 ---hs---- c:\windows\system32\oljwgmxu.ini 2008-12-30 12:48 . 2008-12-30 12:48 <REP> d-------- c:\documents and settings\Chan\Application Data\MSN6 2008-12-30 12:48 . 2008-12-30 12:48 <REP> d-------- c:\documents and settings\All Users\Application Data\MSN6 2008-12-30 12:19 . 2008-12-30 12:19 120 ---hs---- c:\windows\system32\tgfgmlch.ini 2008-12-30 12:16 . 2008-12-30 12:17 120 ---hs---- c:\windows\system32\sfgfrlom.ini 2008-12-30 11:16 . 2008-12-30 11:16 120 ---hs---- c:\windows\system32\gwktqjyt.ini 2008-12-30 11:13 . 2008-12-30 11:13 120 ---hs---- c:\windows\system32\ngioccaj.ini 2008-12-30 11:10 . 2008-12-30 11:11 120 ---hs---- c:\windows\system32\spjaceoh.ini 2008-12-30 10:10 . 2008-12-30 10:10 120 ---hs---- c:\windows\system32\yogcdfqd.ini 2008-12-30 10:07 . 2008-12-30 10:08 120 ---hs---- c:\windows\system32\xbwuqlgb.ini 2008-12-30 09:07 . 2008-12-30 09:08 120 ---hs---- c:\windows\system32\knwsnaxw.ini 2008-12-30 09:04 . 2008-12-30 09:05 120 ---hs---- c:\windows\system32\ufmacrrh.ini 2008-12-30 09:01 . 2008-12-30 09:02 120 ---hs---- c:\windows\system32\cciaacnc.ini 2008-12-30 08:01 . 2008-12-30 08:02 120 ---hs---- c:\windows\system32\mbjyalsm.ini 2008-12-30 07:58 . 2008-12-30 07:58 120 ---hs---- c:\windows\system32\pjacwgpb.ini 2008-12-30 06:58 . 2008-12-30 06:58 120 ---hs---- c:\windows\system32\gfreeaqp.ini 2008-12-30 06:55 . 2008-12-30 06:56 120 ---hs---- c:\windows\system32\ecfejmkx.ini 2008-12-30 05:55 . 2008-12-30 05:55 120 ---hs---- c:\windows\system32\vhimeiiv.ini 2008-12-30 05:52 . 2008-12-30 05:52 120 ---hs---- c:\windows\system32\plolgpyq.ini 2008-12-30 05:49 . 2008-12-30 05:50 120 ---hs---- c:\windows\system32\wiavhblo.ini 2008-12-30 04:49 . 2008-12-30 04:49 120 ---hs---- c:\windows\system32\yufbpadu.ini 2008-12-30 04:46 . 2008-12-30 04:47 120 ---hs---- c:\windows\system32\ugaaicnb.ini 2008-12-30 03:46 . 2008-12-30 03:47 120 ---hs---- c:\windows\system32\rhgxtbrg.ini 2008-12-30 03:43 . 2008-12-30 03:43 120 ---hs---- c:\windows\system32\avcogqgd.ini 2008-12-30 03:40 . 2008-12-30 03:40 120 ---hs---- c:\windows\system32\eofoldtu.ini 2008-12-30 02:40 . 2008-12-30 02:40 120 ---hs---- c:\windows\system32\quiijcxv.ini 2008-12-30 02:37 . 2008-12-30 02:38 120 ---hs---- c:\windows\system32\ujpenoyq.ini 2008-12-30 01:37 . 2008-12-30 01:37 120 ---hs---- c:\windows\system32\ptvawift.ini 2008-12-30 01:34 . 2008-12-30 01:35 120 ---hs---- c:\windows\system32\mwmjvhhb.ini 2008-12-30 00:34 . 2008-12-30 00:34 120 ---hs---- c:\windows\system32\wbqcytis.ini 2008-12-30 00:32 . 2008-12-30 00:32 120 ---hs---- c:\windows\system32\akmboqem.ini 2008-12-30 00:28 . 2008-12-30 00:29 120 ---hs---- c:\windows\system32\foxeyvwd.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-01 19:10 --------- d--h--w c:\program files\InstallShield Installation Information 2007-01-24 04:20 49 ----a-w c:\documents and settings\Chan\Application Data\internaldb41.dat 2007-01-24 04:20 382 ----a-w c:\documents and settings\Chan\Application Data\internaldb1942.dat 2007-01-24 04:01 69,632 ----a-w c:\documents and settings\Chan\Application Data\internaldb4827.dat 2007-01-24 04:01 151 ----a-w c:\documents and settings\Chan\Application Data\internaldb2391.dat 2007-01-24 04:01 0 ----a-w c:\documents and settings\Chan\Application Data\internaldb1952.dat 2006-11-18 15:51 0 ----a-w c:\documents and settings\Chan\Application Data\internaldb7573.dat 2006-11-16 19:32 0 ----a-w c:\documents and settings\Chan\Application Data\internaldb5436.dat 2006-11-13 01:14 0 ----a-w c:\documents and settings\Chan\Application Data\internaldb70.dat 2006-11-13 01:14 0 ----a-w c:\documents and settings\Chan\Application Data\internaldb4808.dat 2006-10-31 00:41 9,216 ----a-w c:\documents and settings\Chan\Application Data\internaldb8467.dat 2006-10-31 00:41 0 ----a-w c:\documents and settings\Chan\Application Data\internaldb6334.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CA60057-9277-49C0-8D64-280DBAD9C3E1}] 2008-06-09 22:21 33792 --------- c:\windows\system32\nnnnLETm.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-19 949376] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "iRiver Updater"="\Updater.exe" [2004-07-01 212992] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064] "D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2007-11-12 1662976] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{3CA60057-9277-49C0-8D64-280DBAD9C3E1}"= "c:\windows\system32\nnnnLETm.dll" [2008-06-09 33792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnLETm] 2008-06-09 22:21 33792 c:\windows\system32\nnnnLETm.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=ezowoj.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] --a------ 2002-12-10 17:32 155648 c:\program files\Logitech\ImageStudio\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray] --a------ 2002-12-10 17:31 61440 c:\program files\Logitech\ImageStudio\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 05:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] --a------ 2003-03-20 13:21 1855488 c:\windows\mixer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\StubInstaller.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-03-19 15424] R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2008-12-28 377920] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2009-01-01 352338] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\LaunchU3.exe -a . Contenu du dossier 'Tâches planifiées' 2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{2fdf0b0a-ed25-4af8-87c5-3caac50916c3} - c:\windows\system32\ezowoj.dll BHO-{324CBBBA-98A3-4DC6-B451-53B430D872E1} - c:\windows\system32\nnnoOGvt.dll HKCU-Run-ares - c:\program files\ARES\Ares.exe HKLM-Run-Piolet - c:\program files\Piolet\Piolet.exe HKLM-Run-Windows UDP Control Services - wksvcsc.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.a2articles.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm021YYCA LSP: c:\windows\system32\imon.dll TCP: {91091312-7BF4-4BFF-BD82-6671CF23A2FB} = 192.168.0.1 TCP: {ED41E75A-E816-42FB-872D-6983320D34F4} = 4.2.2.2,4.2.2.3 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-08 13:25:38 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(908) c:\windows\system32\nnnnLETm.dll - - - - - - - > 'lsass.exe'(964) c:\windows\system32\imon.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\ESET\nod32krn.exe c:\windows\system32\wscntfy.exe c:\windows\system32\WgaTray.exe C:\Updater.exe c:\program files\Nikon\PictureProject\NkbMonitor.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Heure de fin: 2009-01-08 13:36:59 - La machine a redémarré ComboFix-quarantined-files.txt 2009-01-08 18:36:53 Avant-CF: 1ÿ838ÿ071ÿ808 octets libres AprÞs-CF: 4,421,193,728 octets libres 351 --- E O F --- 2008-05-28 07:01:40
  24. Bonjour à tous ! Mon ordinateur souffre d'une lenteur extrême et depuis peu, mon écran oscille (mais seulement dans Windows). J'a aussi contracté le fameux virus ANTIVIRUS 2009...bref ça va mal ! J'ai fait un scan&clean en profondeur avec NOD32, qui m'a identifité et détruit environ 800 infections, mais il en reste toujours ( c'est encore lent et l'écran oscill toujours ). Voici donc le rapport HJT, merci de votre temps ------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:40:18, on 2009-01-07 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Updater.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Chan\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a2articles.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: {3c61905c-aac3-5c78-8fa4-52dea0b0fdf2} - {2fdf0b0a-ed25-4af8-87c5-3caac50916c3} - C:\WINDOWS\system32\ezowoj.dll O2 - BHO: (no name) - {324CBBBA-98A3-4DC6-B451-53B430D872E1} - C:\WINDOWS\system32\nnnoOGvt.dll (file missing) O2 - BHO: (no name) - {3CA60057-9277-49C0-8D64-280DBAD9C3E1} - C:\WINDOWS\system32\nnnnLETm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Banner Rotator - {E954DB82-1533-4714-92F2-59C98D5C18CC} - C:\WINDOWS\system32\brrotate.dll (file missing) O2 - BHO: Piolet Toolbar Helper - {EDDF3383-EC5F-49DF-A8B6-CEC2D8F6164C} - C:\Program Files\Piolet Toolbar\v3.0.0.0\Piolet_Toolbar.dll O3 - Toolbar: Piolet Toolbar - {C75C8E7E-5059-4469-AC11-D7544B260382} - C:\Program Files\Piolet Toolbar\v3.0.0.0\Piolet_Toolbar.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate" O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [1c2b2f23] rundll32.exe "C:\WINDOWS\system32\hcdtkunv.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ares] "C:\Program Files\ARES\Ares.exe" -h O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [72180210216497766307753018251819] C:\Program Files\Antivirus 2009\av2009.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm021YYCA O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chnal.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153171804935 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chnal.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{91091312-7BF4-4BFF-BD82-6671CF23A2FB}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{ED41E75A-E816-42FB-872D-6983320D34F4}: NameServer = 4.2.2.2,4.2.2.3 O20 - AppInit_DLLs: ezowoj.dll O20 - Winlogon Notify: nnnnLETm - C:\WINDOWS\SYSTEM32\nnnnLETm.dll O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- End of file - 10058 bytes
×
×
  • Créer...