djjs

  1. Great, thanks a lot for all this advice! Oh, just before that, would you happen to know another way to uninstall ComboFix?? Because the line of code doesn't work and I don't understand why (due to the American version of Windows..?)..
  2. Yes, I hadn't noticed that someone had replied to me on the other forum, I've just replied!

     AntiVir:

     Avira AntiVir Premium
     Report file date: Monday, March 30, 2009 22:42

     Scanning for 1302306 virus strains and unwanted programs.

     Licensed to: Poirier Jean-Sebastien
     Serial number: 2201069558-PEPWE-0001
     Platform: Windows XP
     Windows version: (Service Pack 3) [5.1.2600]
     Boot mode: Normally booted
     Username: SYSTEM
     Computer name: JS

     Version information:
     BUILD.DAT : 8.1.0.367 20012 Bytes 12/08/2008 11:31:00
     AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 18:57:53
     AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 17:56:40
     LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 22:44:19
     LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 17:58:52
     ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 20:29:38
     ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 16:15:34
     ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 30/01/2009 23:35:16
     ANTIVIR3.VDF : 7.1.1.208 2048 Bytes 30/01/2009 23:35:16
     Engineversion : 8.2.0.60
     AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 19:49:38
     AESCRIPT.DLL : 8.1.1.32 340347 Bytes 22/01/2009 23:44:02
     AESCN.DLL : 8.1.1.5 123251 Bytes 08/11/2008 01:35:16
     AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 16:43:26
     AEPACK.DLL : 8.1.3.5 393588 Bytes 09/01/2009 19:36:14
     AEOFFICE.DLL : 8.1.0.33 196987 Bytes 11/12/2008 23:54:10
     AEHEUR.DLL : 8.1.0.86 1552759 Bytes 22/01/2009 23:44:02
     AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 01:06:00
     AEGEN.DLL : 8.1.1.10 323957 Bytes 17/01/2009 01:24:20
     AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 19:49:36
     AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 17:28:20
     AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 19:49:34
     AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 18:40:05
     AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 19:28:01
     AVREP.DLL : 7.0.0.1 155688 Bytes 01/07/2008 00:35:20
     AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 21:26:40
     AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 18:29:23
     AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 22:27:49
     SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 03:28:02
     SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 22:49:40
     NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 22:05:10
     RCIMAGE.DLL : 8.0.0.51 2564353 Bytes 12/06/2008 23:29:30
     RCTEXT.DLL : 8.0.51.0 86273 Bytes 27/06/2008 21:00:56

     Configuration settings for the scan:
     Jobname..........................: Complete system scan
     Configuration file...............: c:\program files\avira\antivir personaledition premium\sysscan.avp
     Logging..........................: low
     Primary action...................: interactive
     Secondary action.................: ignore
     Scan master boot sector..........: on
     Scan boot sector.................: on
     Boot sectors.....................: C:,
     Process scan.....................: on
     Scan registry....................: on
     Search for rootkits..............: off
     Scan all files...................: Intelligent file selection
     Scan archives....................: on
     Recursion depth..................: 20
     Smart extensions.................: on
     Macro heuristic..................: on
     File heuristic...................: medium

     Start of the scan: Monday, March 30, 2009 22:42

     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'chrome.exe' - '1' Module(s) have been scanned
     Scan process 'chrome.exe' - '1' Module(s) have been scanned
     Scan process 'chrome.exe' - '1' Module(s) have been scanned
     Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
     Scan process 'explorer.exe' - '1' Module(s) have been scanned
     Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
     Scan process 'RAMASST.exe' - '1' Module(s) have been scanned
     Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
     Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
     Scan process 'zlclient.exe' - '0' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
     Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
     Scan process 'THotkey.exe' - '1' Module(s) have been scanned
     Scan process 'ehtray.exe' - '1' Module(s) have been scanned
     Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
     Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
     Scan process 'alg.exe' - '1' Module(s) have been scanned
     Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
     Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
     Scan process 'avmailc.exe' - '1' Module(s) have been scanned
     Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned
     Scan process 'swupdtmr.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
     Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
     Scan process 'jqs.exe' - '1' Module(s) have been scanned
     Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
     Scan process 'Crypserv.exe' - '1' Module(s) have been scanned
     Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
     Scan process 'avesvc.exe' - '1' Module(s) have been scanned
     Scan process 'avguard.exe' - '1' Module(s) have been scanned
     Scan process 'sched.exe' - '1' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
     Scan process 'vsmon.exe' - '0' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
     Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'lsass.exe' - '1' Module(s) have been scanned
     Scan process 'services.exe' - '1' Module(s) have been scanned
     Scan process 'winlogon.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'smss.exe' - '1' Module(s) have been scanned
     49 processes with 49 modules were scanned

     Starting master boot sector scan:
     Master boot sector HD0
     [INFO] No virus was found!

     Start scanning boot sectors:
     Boot sector 'C:\'
     [INFO] No virus was found!

     Starting to scan the registry.
     The registry was scanned ( '69' files ).

     Starting the file scan:

     Begin scan in 'C:\' <SQ004126P01>
     C:\hiberfil.sys
     [WARNING] The file could not be opened!
     C:\pagefile.sys
     [WARNING] The file could not be opened!
     C:\Documents and Settings\Jean-Sebastien\My Documents\Games\Sam_and_Max_Season_2_Episode_1_Ice_Station_Santa-RAZOR\rzrsm280.zip
     [0] Archive type: ZIP
     --> rzrsm2.r78
     [1] Archive type: RAR
     --> crack.zip
     [WARNING] No further files can be extracted from this archive. The archive will be closed
     C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175422.dll
     [DETECTION] Is the TR/Trash.Gen Trojan
     [NOTE] The file was moved to '4a02cf60.qua'!
     C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175424.dll
     [DETECTION] Is the TR/Trash.Gen Trojan
     [NOTE] The file was moved to '4a02cf61.qua'!
     C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175427.exe
     [DETECTION] Is the TR/Killav.28714 Trojan
     [NOTE] The file was moved to '4e94ba2a.qua'!
     C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175438.dll
     [DETECTION] Is the TR/Trash.Gen Trojan
     [NOTE] The file was moved to '4a02cf62.qua'!
     C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175439.dll
     [DETECTION] Is the TR/Trash.Gen Trojan
     [NOTE] The file was moved to '4e94ba2b.qua'!

     End of the scan: Tuesday, March 31, 2009 01:29
     Used time: 2:47:20 Hour(s)

     The scan has been done completely.

     25948 Scanning directories
     818704 Files were scanned
     5 viruses and/or unwanted programs were found
     0 Files were classified as suspicious:
     0 files were deleted
     0 files were repaired
     5 files were moved to quarantine
     0 files were renamed
     2 Files cannot be scanned
     818697 Files not concerned
     13804 Archives were scanned
     3 Warnings
     5 Notes

     Malwarebytes:

     Malwarebytes' Anti-Malware 1.35
     Version de la base de données: 1922
     Windows 5.1.2600 Service Pack 3

     3/30/2009 11:12:22 PM
     mbam-log-2009-03-30 (23-12-22).txt

     Type de recherche: Examen rapide
     Eléments examinés: 80416
     Temps écoulé: 16 minute(s), 13 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 3
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 1
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)
  3. OK, I re-downloaded it and yes, it worked better right away (however, the line of code to uninstall it didn't work, maybe because I have the American version of Windows..?). Here is the ComboFix:

     ComboFix 09-03-30.02 - Jean-Sebastien 2009-03-30 21:59:33.4 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.1014.572 [GMT -7:00]
     Lancé depuis: c:\documents and settings\Jean-Sebastien\Desktop\ComboFix.exe
     Commutateurs utilisés :: c:\documents and settings\Jean-Sebastien\Desktop\CFScript.txt
     AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
     FW: ZoneAlarm Firewall *enabled*
     * Un nouveau point de restauration a été créé

     FILE ::
     c:\windows\Internet Logs\xDBE.tmp
     c:\windows\Internet Logs\xDBF.tmp
     c:\windows\system32\dwabho.dll
     c:\windows\system32\hajovapa.exe
     c:\windows\system32\wodezoga.exe
     c:\windows\system32\zagubura.exe
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\windows\Internet Logs\xDBE.tmp
     c:\windows\Internet Logs\xDBF.tmp
     c:\windows\system32\dwabho.dll
     c:\windows\system32\hajovapa.exe
     c:\windows\system32\wodezoga.exe
     c:\windows\system32\zagubura.exe

     .
     ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-31 ))))))))))))))))))))))))))))))))))))
     .

     2009-03-30 00:46 . 2009-03-30 00:56 <DIR> d-------- C:\COlaF
     2009-03-29 11:18 . 2009-03-29 11:19 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\W Photo Studio Viewer
     2009-03-28 23:23 . 2009-03-28 23:23 54,156 --ah----- c:\windows\QTFont.qfn
     2009-03-28 23:23 . 2009-03-28 23:23 1,409 --a------ c:\windows\QTFont.for
     2009-03-15 09:07 . 2009-03-15 09:07 <DIR> d-------- c:\program files\Common Files\Windows Live
     2009-03-03 17:37 . 2009-03-03 17:37 <DIR> d-------- c:\program files\MSECache
     2009-02-15 21:16 . 2009-02-15 21:16 73,728 --a------ c:\windows\system32\javacpl.cpl
     2009-02-01 12:53 . 2009-02-07 09:06 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\skypePM
     2009-02-01 12:53 . 2009-02-01 12:53 48 --ah----- c:\windows\system32\ezsidmv.dat
     2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Skype
     2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Common Files\Skype
     2009-02-01 12:45 . 2009-02-07 09:12 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\Skype
     2009-02-01 12:44 . 2009-02-01 12:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype

     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-31 05:06 41,476,128 --sha-w c:\windows\system32\drivers\fidbox.dat
     2009-03-30 17:53 488,180 --sha-w c:\windows\system32\drivers\fidbox.idx
     2009-03-30 07:11 10,229,758 ----a-w c:\windows\Internet Logs\tvDebug.zip
     2009-03-18 15:02 --------- d-----w c:\program files\Spybot
     2009-03-18 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-03-16 17:07 --------- d-----w c:\documents and settings\Jean-Sebastien\Application Data\Vso
     2009-03-12 01:34 102,344 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\GDIPFONTCACHEV1.DAT
     2009-03-06 06:05 --------- d-----w c:\program files\IsoBuster
     2009-02-27 04:34 --------- d-----w c:\program files\Microsoft Silverlight
     2009-02-20 19:03 --------- d-----w c:\program files\eMule
     2009-02-16 04:16 410,984 ----a-w c:\windows\system32\deploytk.dll
     2009-02-11 03:52 5,632 --sha-w c:\program files\Thumbs.db
     2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
     2009-01-30 20:07 --------- d-----w c:\program files\Avira
     2009-01-30 20:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
     2009-01-30 19:53 --------- d-----w c:\program files\Fruityloops7
     2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
     2008-12-05 06:54 144,896 ----a-w c:\windows\system32\schannel.dll
     2006-10-30 22:53 0 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\wklnhst.dat
     2008-10-22 19:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102220081023\index.dat
     .

     ((((((((((((((((((((((((((((( SnapShot_2009-03-30_ 0.18.53.26 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-03-31 04:39:11 16,384 ----atw c:\windows\temp\Perflib_Perfdata_260.dat
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304]
     "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784]
     "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
     "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
     "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
     "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
     "TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
     RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "vidc.MJPG"= m3jpeg32.dll
     "vidc.dmb1"= m3jpeg32.dll

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "UpdatesDisableNotify"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
     "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
     "c:\\Program Files\\Medal of Honor Pacific Assault\\mohpa.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "c:\\Program Files\\eMule\\emule.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
     "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
     "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
     "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
     "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
     "c:\\Program Files\\Ubisoft\\Far Cry\\Bin32\\FarCry.exe"=
     "c:\\Program Files\\VLC\\vlc.exe"=
     "c:\\Team17\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
     "c:\\Program Files\\Cossacks\\dmcr.exe"=
     "c:\\WINDOWS\\system32\\dplaysvr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\WINDOWS\\system32\\TPSBattM.exe"=
     "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSvcs.exe"=
     "c:\\Program Files\\Microsoft LifeCam\\MSCamS32.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Spybot\\TeaTimer.exe"=
     "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys [2006-10-27 44480]
     R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-01-30 164097]
     R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-01-30 258305]
     R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-01-30 41217]
     S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\drivers\Eagle2RC.sys [2007-04-07 8576]
     S3 Eagle2TV;TV tuner device;c:\windows\system32\drivers\Eagle2TV_B.sys [2007-04-07 384128]
     S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?]
     S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\FILESPY.sys --> c:\windows\system32\drivers\FILESPY.sys [?]
     S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-04 13352]
     S3 NETMDSHA;MDSHA031;c:\windows\system32\drivers\MDSHA031.sys [2008-06-22 35331]
     S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?]
     .
     Contenu du dossier 'Tâches planifiées'

     2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2719839664-1612303478-808430666-1005.job
     - c:\documents and settings\Jean-Sebastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 17:55]

     2007-08-25 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job
     - D:\setup.exe []
     .
     .
     ------- Examen supplémentaire -------
     .
     uStart Page = hxxp://www.yahoo.fr/
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
     LSP: avsda.dll
     .

     **************************************************************************

     catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-03-30 22:06:20
     Windows 5.1.2600 Service Pack 3 NTFS

     Recherche de processus cachés ...

     Recherche d'éléments en démarrage automatique cachés ...

     Recherche de fichiers cachés ...

     Scan terminé avec succès
     Fichiers cachés: 0

     **************************************************************************
     .
     --------------------- CLES DE REGISTRE BLOQUEES ---------------------

     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
     .
     --------------------- DLLs chargées dans les processus actifs ---------------------

     - - - - - - - > 'lsass.exe'(1096)
     c:\windows\system32\avsda.dll
     .
     Heure de fin: 2009-03-30 22:10:07
     ComboFix-quarantined-files.txt 2009-03-31 05:10:01
     ComboFix2.txt 2009-03-30 07:55:58
     ComboFix3.txt 2009-03-30 07:20:46
     ComboFix4.txt 2009-01-08 23:39:26

     Avant-CF: 4,526,313,472 bytes free
     Après-CF: 4,526,604,288 bytes free

     175 --- E O F --- 2009-03-16 04:04:51

     and the HijackThis log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:17:29 PM, on 3/30/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     C:\WINDOWS\system32\crypserv.exe
     C:\WINDOWS\system32\DVDRAMSV.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Microsoft LifeCam\MSCamS32.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\WINDOWS\system32\svchost.exe
     c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
     C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Toshiba\Tvs\TvsTray.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\TPSBattM.exe
     C:\WINDOWS\system32\RAMASST.exe
     C:\Program Files\Windows Live\Messenger\usnsvc.exe
     C:\WINDOWS\system32\notepad.exe
     C:\WINDOWS\explorer.exe
     C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Program Files\trend micro\hijackthis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://online-search.c.la/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll (file missing)
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
     O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
     O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
     O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://e.absparis.com/qp2.cab
     O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
     O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
     O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://inside.sfsu.edu/mail04b/dwa7W.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
     O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
     O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
     O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
     O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
     O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
     O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
     O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
     O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
     O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
     O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
     O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
     O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
     O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
     O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     --
     End of file - 10408 bytes

     Thanks again!
  4. Lol, yes, I know! I didn't change anything, but for the first time, when I drag the txt file onto it, a dialog box opens and the software doesn't open. That's weird, isn't it?
  5. Hmmm, it tells me "you cannot rename Combo fix to COlaF, please try another name made up only of alphanumeric characters." I tried without the capital letters but it's the same... do you have any idea?
  6. Here's the rest, thanks for being so quick! However, I'm in San Francisco right now and it's 1 am, so I'm going to go to bed, but if there's still stuff to do I'll do it tomorrow morning, so it's normal if I don't reply right away!
     ComboFix 09-03-29.02 - Jean-Sebastien 2009-03-30 0:47:29.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.1014.442 [GMT -7:00] Lancé depuis: c:\documents and settings\Jean-Sebastien\Desktop\COlaF.exe Commutateurs utilisés :: c:\documents and settings\Jean-Sebastien\Desktop\CFScript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) FW: ZoneAlarm Firewall *enabled* * Un nouveau point de restauration a été créé FILE :: c:\documents and settings\Jean-Sebastien\Templates\Brengkolang.com c:\windows\system32\bafekefe.dll c:\windows\system32\lenosopo.dll c:\windows\system32\rutobuki.dll c:\windows\Tasks\At1.job . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\lenosopo.dll c:\windows\system32\rutobuki.dll c:\windows\Tasks\At1.job . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 )))))))))))))))))))))))))))))))))))) . 2009-03-29 23:38 . 2009-03-29 23:41 <DIR> d-------- C:\ComboFix 2009-03-29 11:18 . 2009-03-29 11:19 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\W Photo Studio Viewer 2009-03-28 23:23 . 2009-03-28 23:23 54,156 --ah----- c:\windows\QTFont.qfn 2009-03-28 23:23 . 2009-03-28 23:23 1,409 --a------ c:\windows\QTFont.for 2009-03-15 09:07 . 2009-03-15 09:07 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-03 17:37 . 2009-03-03 17:37 <DIR> d-------- c:\program files\MSECache 2009-02-15 21:16 . 2009-02-15 21:16 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-01 12:53 . 2009-02-07 09:06 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\skypePM 2009-02-01 12:53 . 
2009-02-01 12:53 48 --ah----- c:\windows\system32\ezsidmv.dat 2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Skype 2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Common Files\Skype 2009-02-01 12:45 . 2009-02-07 09:12 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\Skype 2009-02-01 12:44 . 2009-02-01 12:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-30 07:52 41,220,128 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-03-30 07:11 10,229,758 ----a-w c:\windows\Internet Logs\tvDebug.zip 2009-03-30 07:10 485,084 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-03-30 01:18 61,440 --sha-w c:\windows\system32\zagubura.exe 2009-03-29 06:45 61,440 --sha-w c:\windows\system32\hajovapa.exe 2009-03-28 18:45 61,440 --sha-w c:\windows\system32\wodezoga.exe 2009-03-18 15:02 --------- d-----w c:\program files\Spybot 2009-03-18 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-16 17:07 --------- d-----w c:\documents and settings\Jean-Sebastien\Application Data\Vso 2009-03-12 01:34 102,344 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\GDIPFONTCACHEV1.DAT 2009-03-06 06:05 --------- d-----w c:\program files\IsoBuster 2009-02-27 04:34 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-20 19:03 --------- d-----w c:\program files\eMule 2009-02-16 04:16 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-02-11 03:52 5,632 --sha-w c:\program files\Thumbs.db 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-07 09:48 759,808 ----a-w c:\windows\Internet Logs\xDBF.tmp 2009-01-30 20:07 --------- d-----w c:\program files\Avira 2009-01-30 20:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-01-30 19:53 --------- d-----w 
c:\program files\Fruityloops7 2009-01-25 18:30 83,440 ----a-w c:\windows\system32\dwabho.dll 2009-01-08 11:05 489,472 ----a-w c:\windows\Internet Logs\xDBE.tmp 2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-05 06:54 144,896 ----a-w c:\windows\system32\schannel.dll 2006-10-30 22:53 0 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\wklnhst.dat 2008-10-22 19:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102220081023\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016] "TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.MJPG"= m3jpeg32.dll "vidc.dmb1"= m3jpeg32.dll 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Medal of Honor Pacific Assault\\mohpa.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Ubisoft\\Far Cry\\Bin32\\FarCry.exe"= "c:\\Program Files\\VLC\\vlc.exe"= "c:\\Team17\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"= "c:\\Program Files\\Cossacks\\dmcr.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\TPSBattM.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSvcs.exe"= "c:\\Program Files\\Microsoft LifeCam\\MSCamS32.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Spybot\\TeaTimer.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys 
[2006-10-27 44480] R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-01-30 164097] R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-01-30 258305] R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-01-30 41217] S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\drivers\Eagle2RC.sys [2007-04-07 8576] S3 Eagle2TV;TV tuner device;c:\windows\system32\drivers\Eagle2TV_B.sys [2007-04-07 384128] S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?] S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\FILESPY.sys --> c:\windows\system32\drivers\FILESPY.sys [?] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-04 13352] S3 NETMDSHA;MDSHA031;c:\windows\system32\drivers\MDSHA031.sys [2008-06-22 35331] S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?] . Contenu du dossier 'Tâches planifiées' 2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2719839664-1612303478-808430666-1005.job - c:\documents and settings\Jean-Sebastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 17:55] 2007-08-25 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job - D:\setup.exe [] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.yahoo.fr/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 LSP: avsda.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-30 00:52:26 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... 
Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(1096) c:\windows\system32\avsda.dll . Heure de fin: 2009-03-30 0:55:56 ComboFix-quarantined-files.txt 2009-03-30 07:55:52 ComboFix2.txt 2009-03-30 07:20:46 ComboFix3.txt 2009-01-08 23:39:26 Avant-CF: 4,629,475,328 bytes free Après-CF: 4,637,282,304 bytes free 174 --- E O F --- 2009-03-16 04:04:51
  7. Thanks for your time, Angelique! Here is the ComboFix report (the first time I ran it, it didn't produce a report, only on the 2nd attempt)
     ComboFix 09-03-29.02 - Jean-Sebastien 2009-03-30 0:03:35.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.1014.573 [GMT -7:00] Lancé depuis: c:\documents and settings\Jean-Sebastien\Desktop\COlaF.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) FW: ZoneAlarm Firewall *enabled* * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Exécution préalable ------- . c:\documents and settings\Jean-Sebastien\Application Data\GetModule c:\windows\system32\aoqqeo.dll c:\windows\system32\ayunijuh.ini c:\windows\system32\bajoduza.dll c:\windows\system32\benugame.dll c:\windows\system32\biniyogi.dll c:\windows\system32\bumzaq.dll c:\windows\system32\forazeto.dll c:\windows\system32\igoyinib.ini c:\windows\system32\jiyewopo.dll c:\windows\system32\mikolobe.dll c:\windows\system32\movegute.dll c:\windows\system32\nolomipu.dll c:\windows\system32\pikiriro.dll c:\windows\system32\wlcphp.dll c:\windows\system32\wpv091232070177.cpx c:\windows\system32\yjiujp.dll c:\windows\system32\yomudaki.dll c:\windows\system32\zevayiko.dll c:\windows\system32\zukepive.dll c:\windows\wiaserviv.log . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 )))))))))))))))))))))))))))))))))))) . 2009-03-29 23:38 . 2009-03-29 23:41 <DIR> d-------- C:\ComboFix 2009-03-29 11:18 . 2009-03-29 11:19 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\W Photo Studio Viewer 2009-03-28 23:23 . 2009-03-28 23:23 54,156 --ah----- c:\windows\QTFont.qfn 2009-03-28 23:23 . 2009-03-28 23:23 1,409 --a------ c:\windows\QTFont.for 2009-03-28 11:47 . 2009-03-28 11:47 1,024 --ahs---- c:\windows\system32\rutobuki.dll 2009-03-15 09:07 . 
2009-03-15 09:07 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-03 17:37 . 2009-03-03 17:37 <DIR> d-------- c:\program files\MSECache 2009-02-15 21:16 . 2009-02-15 21:16 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-01 12:53 . 2009-02-07 09:06 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\skypePM 2009-02-01 12:53 . 2009-02-01 12:53 48 --ah----- c:\windows\system32\ezsidmv.dat 2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Skype 2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Common Files\Skype 2009-02-01 12:45 . 2009-02-07 09:12 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\Skype 2009-02-01 12:44 . 2009-02-01 12:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-30 07:14 41,136,160 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-03-30 07:10 485,084 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-03-18 15:02 --------- d-----w c:\program files\Spybot 2009-03-18 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-16 17:07 --------- d-----w c:\documents and settings\Jean-Sebastien\Application Data\Vso 2009-03-12 01:34 102,344 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\GDIPFONTCACHEV1.DAT 2009-03-06 06:05 --------- d-----w c:\program files\IsoBuster 2009-02-27 04:34 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-20 19:03 --------- d-----w c:\program files\eMule 2009-02-11 03:52 5,632 --sha-w c:\program files\Thumbs.db 2009-01-30 20:07 --------- d-----w c:\program files\Avira 2009-01-30 20:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-01-30 19:53 --------- d-----w c:\program files\Fruityloops7 2006-10-30 22:53 0 ----a-w c:\documents and 
settings\Jean-Sebastien\Application Data\wklnhst.dat 1601-01-01 00:12 1,024 --sha-w c:\windows\system32\lenosopo.dll 2008-10-22 19:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102220081023\index.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-08_23.38.15.82 ))))))))))))))))))))))))))))))))))))))))) . + 2008-12-11 12:33:59 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3QFE\srv.sys + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB958687\spmsg.dll + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB958687\spuninst.exe + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB958687\update\spcustom.dll + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958687\update\update.exe + 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958687\update\updspapi.dll + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958687$\spuninst\updspapi.dll + 2008-09-08 10:41:42 333,824 -c----w c:\windows\$NtUninstallKB958687$\srv.sys + 2007-06-25 21:30:10 325,120 ----a-w c:\windows\Downloaded Program Files\dwa7W.dll - 2005-10-20 20:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE - 2005-10-20 20:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE + 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE + 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll + 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll + 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll + 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll + 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll + 2008-10-16 13:11:09 70,656 -c----w 
c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe + 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll + 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll + 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll + 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll + 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll + 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll + 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll + 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll + 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe + 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe + 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll + 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll + 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll + 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll + 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll + 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll + 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll + 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll + 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll + 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll + 2008-10-16 20:38:39 1,160,192 -c----w 
c:\windows\ie7updates\KB961260-IE7\urlmon.dll + 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll + 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll + 2006-10-27 04:12:56 396,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE + 2007-05-08 19:10:18 16,874,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL + 2007-03-22 02:56:50 8,425,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OARTCONV.DLL + 2006-10-27 23:18:34 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OGL.DLL + 2007-05-10 17:04:28 846,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE + 2007-05-10 18:11:42 1,767,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL + 2007-03-22 03:00:06 72,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE + 2007-03-22 02:58:40 4,145,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CNV.DLL + 2007-03-22 02:58:46 24,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12EXE.EXE + 2007-05-10 18:25:40 14,677,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE + 2007-09-15 05:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL + 2007-08-29 08:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OGL.DLL + 2007-08-24 13:00:34 1,767,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PPCNV.DLL + 2007-08-24 13:00:48 72,096 
----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PXBCOM.EXE + 2007-10-03 04:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\XL12CNV.EXE + 2009-03-04 05:03:22 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2000-08-31 08:00:00 28,672 ----a-w c:\windows\NIRCMD.exe + 2000-08-31 15:00:00 29,696 ----a-w c:\windows\NIRCMD.exe - 2000-08-31 08:00:00 161,792 ----a-w c:\windows\SWREG.exe + 2000-08-31 15:00:00 161,792 ----a-w c:\windows\SWREG.exe - 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-03-12 20:29:14 94,465 ----a-w c:\windows\system32\avsda.dll + 2008-09-17 23:29:12 20,040 ----a-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll - 2008-10-22 19:07:49 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-01-16 04:00:12 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-10-22 19:07:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-01-16 04:00:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-10-22 19:07:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-01-16 04:00:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-02-16 04:16:14 410,984 ----a-w c:\windows\system32\deploytk.dll - 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll + 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll - 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll + 2008-12-20 23:15:12 347,136 
-c--a-w c:\windows\system32\dllcache\dxtmsft.dll - 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll - 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll + 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll - 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll + 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll - 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe + 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe - 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll + 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll - 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll + 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll - 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll + 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll - 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll + 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll - 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll + 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll - 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll + 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll - 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll + 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll - 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll + 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll - 2008-10-16 13:11:09 13,824 -c----w 
c:\windows\system32\dllcache\ieudinit.exe + 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe - 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe + 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe - 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll + 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll - 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll + 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll - 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll + 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll - 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll + 2009-01-17 05:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll - 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll + 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll - 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll + 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll - 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll + 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll - 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll + 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll - 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-12-05 06:54:55 144,896 -c----w c:\windows\system32\dllcache\schannel.dll + 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll - 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys + 2008-12-11 10:57:09 333,952 -c----w 
c:\windows\system32\dllcache\srv.sys - 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll + 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll - 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll + 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll - 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll + 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll - 2008-09-15 12:12:56 1,846,400 -c----w c:\windows\system32\dllcache\win32k.sys + 2009-02-09 11:13:27 1,846,784 -c----w c:\windows\system32\dllcache\win32k.sys - 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll + 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll - 2006-11-22 20:30:31 34,304 ----a-w c:\windows\system32\drivers\avgntdd.sys + 2008-05-09 21:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys - 2006-11-22 20:30:31 14,848 ----a-w c:\windows\system32\drivers\avgntmgr.sys + 2008-01-22 02:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys - 2008-12-26 17:07:37 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys + 2008-06-27 23:03:55 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys - 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys + 2008-12-11 10:57:09 333,952 ----a-w c:\windows\system32\drivers\srv.sys - 2007-05-01 06:37:12 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys + 2007-03-01 18:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys + 2009-01-25 18:30:09 83,440 ----a-w c:\windows\system32\dwabho.dll - 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll + 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll - 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll + 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll - 2008-10-16 20:38:35 133,120 ----a-w 
c:\windows\system32\extmgr.dll + 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll - 2008-10-22 19:07:05 337,848 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-03-11 05:29:38 337,848 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-03-29 06:45:32 61,440 --sha-w c:\windows\system32\hajovapa.exe - 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll + 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll - 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe + 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe - 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll + 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll - 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll + 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll - 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll + 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll - 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll + 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll + 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll - 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll + 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll - 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll + 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll - 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll + 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll - 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe - 2005-06-03 10:24:06 49,248 ----a-w c:\windows\system32\java.exe + 2009-02-16 04:16:14 144,792 ----a-w c:\windows\system32\java.exe - 
2005-06-03 10:24:14 49,250 ----a-w c:\windows\system32\javaw.exe + 2009-02-16 04:16:14 144,792 ----a-w c:\windows\system32\javaw.exe - 2005-06-03 11:52:56 127,078 ----a-w c:\windows\system32\javaws.exe + 2009-02-16 04:16:14 148,888 ----a-w c:\windows\system32\javaws.exe - 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll + 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll + 2005-05-16 19:34:48 213,048 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2008-08-13 15:03:26 65,536 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2008-08-13 15:03:26 798,720 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll + 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll + 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2009-01-17 01:20:07 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe - 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll + 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll - 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll + 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll - 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll + 2009-01-17 05:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll - 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll + 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll - 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll + 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll - 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll + 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll - 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll + 2008-12-20 23:15:38 102,912 ----a-w 
c:\windows\system32\occache.dll - 2008-12-26 16:05:13 61,372 ----a-w c:\windows\system32\perfc009.dat + 2009-03-12 14:19:27 61,372 ----a-w c:\windows\system32\perfc009.dat - 2008-12-26 16:05:13 399,050 ----a-w c:\windows\system32\perfh009.dat + 2009-03-12 14:19:27 399,050 ----a-w c:\windows\system32\perfh009.dat - 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll + 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll - 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\schannel.dll + 2008-12-05 06:54:55 144,896 ----a-w c:\windows\system32\schannel.dll - 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll + 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll - 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll + 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll - 2007-08-10 18:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe + 2007-07-27 17:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe - 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll + 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll - 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll + 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll - 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll + 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll - 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\system32\win32k.sys + 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\system32\win32k.sys - 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll + 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll - 2007-06-12 07:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll + 2008-11-12 02:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll + 2009-03-28 18:45:55 61,440 --sha-w c:\windows\system32\wodezoga.exe + 2009-03-30 01:18:28 61,440 --sha-w c:\windows\system32\zagubura.exe + 
2009-03-30 07:11:58 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6a8.dat + 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016] "mogiluhehe"="c:\windows\system32\bafekefe.dll" [bU] "TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.MJPG"= m3jpeg32.dll "vidc.dmb1"= m3jpeg32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Medal of Honor Pacific Assault\\mohpa.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Ubisoft\\Far Cry\\Bin32\\FarCry.exe"= "c:\\Program Files\\VLC\\vlc.exe"= "c:\\Team17\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"= "c:\\Program Files\\Cossacks\\dmcr.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\TPSBattM.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSvcs.exe"= "c:\\Program Files\\Microsoft LifeCam\\MSCamS32.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Spybot\\TeaTimer.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys [2006-10-27 44480] R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-01-30 164097] R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition 
Premium\avwebgrd.exe [2009-01-30 258305] R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-01-30 41217] S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\drivers\Eagle2RC.sys [2007-04-07 8576] S3 Eagle2TV;TV tuner device;c:\windows\system32\drivers\Eagle2TV_B.sys [2007-04-07 384128] S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?] S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\FILESPY.sys --> c:\windows\system32\drivers\FILESPY.sys [?] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-04 13352] S3 NETMDSHA;MDSHA031;c:\windows\system32\drivers\MDSHA031.sys [2008-06-22 35331] S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?] . Contenu du dossier 'Tâches planifiées' 2009-03-29 c:\windows\Tasks\At1.job - c:\documents and settings\Jean-Sebastien\Templates\Brengkolang.com [] 2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2719839664-1612303478-808430666-1005.job - c:\documents and settings\Jean-Sebastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 17:55] 2007-08-25 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job - D:\setup.exe [] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{105bff7d-7cc6-4318-85ac-114a7fb06b5d} - c:\windows\system32\aoqqeo.dll BHO-{42e4ce7c-b1f7-4ec1-a212-ad60ee84a14e} - c:\windows\system32\mikolobe.dll BHO-{5108ecec-4b4c-48c4-8a34-6bd4846de956} - (no file) HKLM-Run-CPM031e4ca0 - c:\windows\system32\bajoduza.dll HKLM-Run-002d7f3c - c:\windows\system32\biniyogi.dll . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.yahoo.fr/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 LSP: avsda.dll . 
************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-30 00:12:31 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"
. --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(1096) c:\windows\system32\avsda.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe c:\program files\Avira\AntiVir PersonalEdition Premium\avguard.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\Crypserv.exe c:\windows\system32\DVDRAMSV.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\wscntfy.exe c:\windows\system32\TPSBattM.exe c:\program files\Windows Live\Messenger\usnsvc.exe . ************************************************************************** . 
Heure de fin: 2009-03-30 0:20:43 - La machine a redémarré [Jean-Sebastien] ComboFix-quarantined-files.txt 2009-03-30 07:20:37 ComboFix2.txt 2009-01-08 23:39:26 Avant-CF: 4,739,035,136 bytes free Après-CF: 4,657,995,776 bytes free 454 --- E O F --- 2009-03-16 04:04:51
  8. Hello to the community, I'm new here. My PC is starting to glitch seriously and I spotted several viruses thanks to HijackThis (mikolobe, bakafe...) but it's impossible to get rid of them, could you help me please?
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:57:53 PM, on 3/29/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot\TeaTimer.exe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\system32\wscntfy.exe 
C:\WINDOWS\explorer.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\internet explorer\iexplore.exe C:\Qoobox\HJT.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://online-search.c.la/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: {d5b60bf7-a411-ca58-8134-6cc7d7ffb501} - {105bff7d-7cc6-4318-85ac-114a7fb06b5d} - C:\WINDOWS\system32\aoqqeo.dll O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll O2 - BHO: (no name) - {42e4ce7c-b1f7-4ec1-a212-ad60ee84a14e} - C:\WINDOWS\system32\mikolobe.dll O2 - BHO: (no name) - {5108ecec-4b4c-48c4-8a34-6bd4846de956} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java 
Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\bafekefe.dll",s (User 'LOCAL SERVICE') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra 
button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://e.absparis.com/qp2.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://inside.sfsu.edu/mail04b/dwa7W.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\zukepive.dll O23 - Service: 
Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10744 bytes
Thanks in advance!