djjs
Members
Content count: 8
My languages: francais, english
djjs's Achievements: Junior Member (3/12)
Community reputation: 0
[solved] mikolobe.dll, bakafe.dll ??? Help please :-) ??
djjs replied to a topic by djjs in Malware analysis and eradication
Great, thanks a lot for all this advice! Oh, just before that, would you happen to know another way to uninstall ComboFix?? Because the line of code doesn't work, I don't understand why (due to the American version of Windows..?).. -
[solved] mikolobe.dll, bakafe.dll ??? Help please :-) ??
djjs replied to a topic by djjs in Malware analysis and eradication
Yes, I hadn't noticed that someone had replied to me on the other forum, I've just replied! antivir: Avira AntiVir Premium Report file date: Monday, March 30, 2009 22:42 Scanning for 1302306 virus strains and unwanted programs. Licensed to: Poirier Jean-Sebastien Serial number: 2201069558-PEPWE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: JS Version information: BUILD.DAT : 8.1.0.367 20012 Bytes 12/08/2008 11:31:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 18:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 17:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 22:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 17:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 20:29:38 ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 16:15:34 ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 30/01/2009 23:35:16 ANTIVIR3.VDF : 7.1.1.208 2048 Bytes 30/01/2009 23:35:16 Engineversion : 8.2.0.60 AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 19:49:38 AESCRIPT.DLL : 8.1.1.32 340347 Bytes 22/01/2009 23:44:02 AESCN.DLL : 8.1.1.5 123251 Bytes 08/11/2008 01:35:16 AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 16:43:26 AEPACK.DLL : 8.1.3.5 393588 Bytes 09/01/2009 19:36:14 AEOFFICE.DLL : 8.1.0.33 196987 Bytes 11/12/2008 23:54:10 AEHEUR.DLL : 8.1.0.86 1552759 Bytes 22/01/2009 23:44:02 AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 01:06:00 AEGEN.DLL : 8.1.1.10 323957 Bytes 17/01/2009 01:24:20 AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 19:49:36 AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 17:28:20 AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 19:49:34 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 18:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 19:28:01 AVREP.DLL : 7.0.0.1 155688 Bytes 01/07/2008 00:35:20 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 21:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 18:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 22:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 03:28:02 
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 22:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 22:05:10 RCIMAGE.DLL : 8.0.0.51 2564353 Bytes 12/06/2008 23:29:30 RCTEXT.DLL : 8.0.51.0 86273 Bytes 27/06/2008 21:00:56 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition premium\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Monday, March 30, 2009 22:42 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'RAMASST.exe' - '1' Module(s) have been scanned Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'zlclient.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'TvsTray.exe' - '1' Module(s) have been scanned Scan process 
'SynTPEnh.exe' - '1' Module(s) have been scanned Scan process 'THotkey.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned Scan process 'avmailc.exe' - '1' Module(s) have been scanned Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned Scan process 'swupdtmr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned Scan process 'Crypserv.exe' - '1' Module(s) have been scanned Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned Scan process 'avesvc.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'vsmon.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan 
process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 49 processes with 49 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '69' files ). Starting the file scan: Begin scan in 'C:\' <SQ004126P01> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Jean-Sebastien\My Documents\Games\Sam_and_Max_Season_2_Episode_1_Ice_Station_Santa-RAZOR\rzrsm280.zip [0] Archive type: ZIP --> rzrsm2.r78 [1] Archive type: RAR --> crack.zip [WARNING] No further files can be extracted from this archive. The archive will be closed C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175422.dll [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to '4a02cf60.qua'! C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175424.dll [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to '4a02cf61.qua'! C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175427.exe [DETECTION] Is the TR/Killav.28714 Trojan [NOTE] The file was moved to '4e94ba2a.qua'! C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175438.dll [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to '4a02cf62.qua'! C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175439.dll [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to '4e94ba2b.qua'! End of the scan: Tuesday, March 31, 2009 01:29 Used time: 2:47:20 Hour(s) The scan has been done completely. 
25948 Scanning directories 818704 Files were scanned 5 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 5 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 818697 Files not concerned 13804 Archives were scanned 3 Warnings 5 Notes malware bytes: Malwarebytes' Anti-Malware 1.35 Version de la base de données: 1922 Windows 5.1.2600 Service Pack 3 3/30/2009 11:12:22 PM mbam-log-2009-03-30 (23-12-22).txt Type de recherche: Examen rapide Eléments examinés: 80416 Temps écoulé: 16 minute(s), 13 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) -
[solved] mikolobe.dll, bakafe.dll ??? Help please :-) ??
djjs replied to a topic by djjs in Malware analysis and eradication
OK, I downloaded it again and yes, it worked better right away (however, the line of code to uninstall it didn't work, maybe because I have the American version of Windows..?). Here is the ComboFix log: ComboFix 09-03-30.02 - Jean-Sebastien 2009-03-30 21:59:33.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.1014.572 [GMT -7:00] Lancé depuis: c:\documents and settings\Jean-Sebastien\Desktop\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Jean-Sebastien\Desktop\CFScript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) FW: ZoneAlarm Firewall *enabled* * Un nouveau point de restauration a été créé FILE :: c:\windows\Internet Logs\xDBE.tmp c:\windows\Internet Logs\xDBF.tmp c:\windows\system32\dwabho.dll c:\windows\system32\hajovapa.exe c:\windows\system32\wodezoga.exe c:\windows\system32\zagubura.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Internet Logs\xDBE.tmp c:\windows\Internet Logs\xDBF.tmp c:\windows\system32\dwabho.dll c:\windows\system32\hajovapa.exe c:\windows\system32\wodezoga.exe c:\windows\system32\zagubura.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-31 )))))))))))))))))))))))))))))))))))) . 2009-03-30 00:46 . 2009-03-30 00:56 <DIR> d-------- C:\COlaF 2009-03-29 11:18 . 2009-03-29 11:19 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\W Photo Studio Viewer 2009-03-28 23:23 . 2009-03-28 23:23 54,156 --ah----- c:\windows\QTFont.qfn 2009-03-28 23:23 . 2009-03-28 23:23 1,409 --a------ c:\windows\QTFont.for 2009-03-15 09:07 . 2009-03-15 09:07 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-03 17:37 . 2009-03-03 17:37 <DIR> d-------- c:\program files\MSECache 2009-02-15 21:16 . 2009-02-15 21:16 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-01 12:53 . 
2009-02-07 09:06 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\skypePM 2009-02-01 12:53 . 2009-02-01 12:53 48 --ah----- c:\windows\system32\ezsidmv.dat 2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Skype 2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Common Files\Skype 2009-02-01 12:45 . 2009-02-07 09:12 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\Skype 2009-02-01 12:44 . 2009-02-01 12:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-31 05:06 41,476,128 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-03-30 17:53 488,180 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-03-30 07:11 10,229,758 ----a-w c:\windows\Internet Logs\tvDebug.zip 2009-03-18 15:02 --------- d-----w c:\program files\Spybot 2009-03-18 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-16 17:07 --------- d-----w c:\documents and settings\Jean-Sebastien\Application Data\Vso 2009-03-12 01:34 102,344 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\GDIPFONTCACHEV1.DAT 2009-03-06 06:05 --------- d-----w c:\program files\IsoBuster 2009-02-27 04:34 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-20 19:03 --------- d-----w c:\program files\eMule 2009-02-16 04:16 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-02-11 03:52 5,632 --sha-w c:\program files\Thumbs.db 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-01-30 20:07 --------- d-----w c:\program files\Avira 2009-01-30 20:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-01-30 19:53 --------- d-----w c:\program files\Fruityloops7 2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-05 06:54 144,896 ----a-w 
c:\windows\system32\schannel.dll 2006-10-30 22:53 0 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\wklnhst.dat 2008-10-22 19:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102220081023\index.dat . ((((((((((((((((((((((((((((( SnapShot_2009-03-30_ 0.18.53.26 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-31 04:39:11 16,384 ----atw c:\windows\temp\Perflib_Perfdata_260.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016] "TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.MJPG"= m3jpeg32.dll "vidc.dmb1"= m3jpeg32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Medal of Honor Pacific Assault\\mohpa.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Ubisoft\\Far Cry\\Bin32\\FarCry.exe"= "c:\\Program Files\\VLC\\vlc.exe"= "c:\\Team17\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"= "c:\\Program Files\\Cossacks\\dmcr.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\TPSBattM.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSvcs.exe"= "c:\\Program Files\\Microsoft LifeCam\\MSCamS32.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Spybot\\TeaTimer.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys [2006-10-27 44480] R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-01-30 164097] R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir 
PersonalEdition Premium\avwebgrd.exe [2009-01-30 258305] R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-01-30 41217] S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\drivers\Eagle2RC.sys [2007-04-07 8576] S3 Eagle2TV;TV tuner device;c:\windows\system32\drivers\Eagle2TV_B.sys [2007-04-07 384128] S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?] S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\FILESPY.sys --> c:\windows\system32\drivers\FILESPY.sys [?] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-04 13352] S3 NETMDSHA;MDSHA031;c:\windows\system32\drivers\MDSHA031.sys [2008-06-22 35331] S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?] . Contenu du dossier 'Tâches planifiées' 2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2719839664-1612303478-808430666-1005.job - c:\documents and settings\Jean-Sebastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 17:55] 2007-08-25 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job - D:\setup.exe [] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.yahoo.fr/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 LSP: avsda.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-30 22:06:20 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
. --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(1096) c:\windows\system32\avsda.dll . Heure de fin: 2009-03-30 22:10:07 ComboFix-quarantined-files.txt 2009-03-31 05:10:01 ComboFix2.txt 2009-03-30 07:55:58 ComboFix3.txt 2009-03-30 07:20:46 ComboFix4.txt 2009-01-08 23:39:26 Avant-CF: 4,526,313,472 bytes free Après-CF: 4,526,604,288 bytes free 175 --- E O F --- 2009-03-16 04:04:51 and the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:17:29 PM, on 3/30/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe C:\Program Files\Avira\AntiVir 
PersonalEdition Premium\AVWEBGRD.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\trend micro\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://online-search.c.la/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - 
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program 
Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://e.absparis.com/qp2.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino 
Web Access 7 Control) - https://inside.sfsu.edu/mail04b/dwa7W.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10408 bytes
Thanks again! -
[resolved] mikolobe.dll, bakafe.dll ??? Help please :-) ??
djjs replied to a topic by djjs in Malware Analysis and Removal
Lol, yes, I know! I haven't changed anything, but for the first time, when I drag the txt file onto it, a dialog box opens and the software doesn't open. That's strange, isn't it?? -
[resolved] mikolobe.dll, bakafe.dll ??? Help please :-) ??
djjs replied to a topic by djjs in Malware Analysis and Removal
Hmmm, it tells me "you cannot rename Combo fix to COlaF, please try another name made up only of alphanumeric characters." I tried without the capital letters but it's the same... do you have any idea? -
[resolved] mikolobe.dll, bakafe.dll ??? Help please :-) ??
djjs replied to a topic by djjs in Malware Analysis and Removal
Here is the next part, thanks for being so quick! However, I'm in San Francisco right now and it's 1 a.m., so I'm going to go to bed, but if there is still more to do I'll do it tomorrow morning, so it's normal if I don't reply right away!
ComboFix 09-03-29.02 - Jean-Sebastien 2009-03-30 0:47:29.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.1014.442 [GMT -7:00] Lancé depuis: c:\documents and settings\Jean-Sebastien\Desktop\COlaF.exe Commutateurs utilisés :: c:\documents and settings\Jean-Sebastien\Desktop\CFScript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) FW: ZoneAlarm Firewall *enabled* * Un nouveau point de restauration a été créé FILE :: c:\documents and settings\Jean-Sebastien\Templates\Brengkolang.com c:\windows\system32\bafekefe.dll c:\windows\system32\lenosopo.dll c:\windows\system32\rutobuki.dll c:\windows\Tasks\At1.job . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\lenosopo.dll c:\windows\system32\rutobuki.dll c:\windows\Tasks\At1.job . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 )))))))))))))))))))))))))))))))))))) . 2009-03-29 23:38 . 2009-03-29 23:41 <DIR> d-------- C:\ComboFix 2009-03-29 11:18 . 2009-03-29 11:19 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\W Photo Studio Viewer 2009-03-28 23:23 . 2009-03-28 23:23 54,156 --ah----- c:\windows\QTFont.qfn 2009-03-28 23:23 . 2009-03-28 23:23 1,409 --a------ c:\windows\QTFont.for 2009-03-15 09:07 . 2009-03-15 09:07 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-03 17:37 . 2009-03-03 17:37 <DIR> d-------- c:\program files\MSECache 2009-02-15 21:16 . 2009-02-15 21:16 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-01 12:53 . 2009-02-07 09:06 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\skypePM 2009-02-01 12:53 . 
2009-02-01 12:53 48 --ah----- c:\windows\system32\ezsidmv.dat 2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Skype 2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Common Files\Skype 2009-02-01 12:45 . 2009-02-07 09:12 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\Skype 2009-02-01 12:44 . 2009-02-01 12:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-30 07:52 41,220,128 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-03-30 07:11 10,229,758 ----a-w c:\windows\Internet Logs\tvDebug.zip 2009-03-30 07:10 485,084 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-03-30 01:18 61,440 --sha-w c:\windows\system32\zagubura.exe 2009-03-29 06:45 61,440 --sha-w c:\windows\system32\hajovapa.exe 2009-03-28 18:45 61,440 --sha-w c:\windows\system32\wodezoga.exe 2009-03-18 15:02 --------- d-----w c:\program files\Spybot 2009-03-18 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-16 17:07 --------- d-----w c:\documents and settings\Jean-Sebastien\Application Data\Vso 2009-03-12 01:34 102,344 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\GDIPFONTCACHEV1.DAT 2009-03-06 06:05 --------- d-----w c:\program files\IsoBuster 2009-02-27 04:34 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-20 19:03 --------- d-----w c:\program files\eMule 2009-02-16 04:16 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-02-11 03:52 5,632 --sha-w c:\program files\Thumbs.db 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-07 09:48 759,808 ----a-w c:\windows\Internet Logs\xDBF.tmp 2009-01-30 20:07 --------- d-----w c:\program files\Avira 2009-01-30 20:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-01-30 19:53 --------- d-----w 
c:\program files\Fruityloops7 2009-01-25 18:30 83,440 ----a-w c:\windows\system32\dwabho.dll 2009-01-08 11:05 489,472 ----a-w c:\windows\Internet Logs\xDBE.tmp 2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-05 06:54 144,896 ----a-w c:\windows\system32\schannel.dll 2006-10-30 22:53 0 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\wklnhst.dat 2008-10-22 19:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102220081023\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016] "TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.MJPG"= m3jpeg32.dll "vidc.dmb1"= m3jpeg32.dll 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Medal of Honor Pacific Assault\\mohpa.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Ubisoft\\Far Cry\\Bin32\\FarCry.exe"= "c:\\Program Files\\VLC\\vlc.exe"= "c:\\Team17\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"= "c:\\Program Files\\Cossacks\\dmcr.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\TPSBattM.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSvcs.exe"= "c:\\Program Files\\Microsoft LifeCam\\MSCamS32.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Spybot\\TeaTimer.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys 
[2006-10-27 44480] R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-01-30 164097] R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-01-30 258305] R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-01-30 41217] S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\drivers\Eagle2RC.sys [2007-04-07 8576] S3 Eagle2TV;TV tuner device;c:\windows\system32\drivers\Eagle2TV_B.sys [2007-04-07 384128] S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?] S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\FILESPY.sys --> c:\windows\system32\drivers\FILESPY.sys [?] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-04 13352] S3 NETMDSHA;MDSHA031;c:\windows\system32\drivers\MDSHA031.sys [2008-06-22 35331] S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?] . Contenu du dossier 'Tâches planifiées' 2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2719839664-1612303478-808430666-1005.job - c:\documents and settings\Jean-Sebastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 17:55] 2007-08-25 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job - D:\setup.exe [] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.yahoo.fr/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 LSP: avsda.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-30 00:52:26 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... 
Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
. --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(1096) c:\windows\system32\avsda.dll . Heure de fin: 2009-03-30 0:55:56 ComboFix-quarantined-files.txt 2009-03-30 07:55:52 ComboFix2.txt 2009-03-30 07:20:46 ComboFix3.txt 2009-01-08 23:39:26 Avant-CF: 4,629,475,328 bytes free Après-CF: 4,637,282,304 bytes free 174 --- E O F --- 2009-03-16 04:04:51 -
[resolved] mikolobe.dll, bakafe.dll ??? Help please :-) ??
djjs replied to a topic by djjs in Malware Analysis and Removal
Thanks for your time, Angelique! Here is the ComboFix report (the first time I ran it, it didn't produce a report, only on the 2nd attempt)
ComboFix 09-03-29.02 - Jean-Sebastien 2009-03-30 0:03:35.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.1014.573 [GMT -7:00] Lancé depuis: c:\documents and settings\Jean-Sebastien\Desktop\COlaF.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) FW: ZoneAlarm Firewall *enabled* * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Exécution préalable ------- . c:\documents and settings\Jean-Sebastien\Application Data\GetModule c:\windows\system32\aoqqeo.dll c:\windows\system32\ayunijuh.ini c:\windows\system32\bajoduza.dll c:\windows\system32\benugame.dll c:\windows\system32\biniyogi.dll c:\windows\system32\bumzaq.dll c:\windows\system32\forazeto.dll c:\windows\system32\igoyinib.ini c:\windows\system32\jiyewopo.dll c:\windows\system32\mikolobe.dll c:\windows\system32\movegute.dll c:\windows\system32\nolomipu.dll c:\windows\system32\pikiriro.dll c:\windows\system32\wlcphp.dll c:\windows\system32\wpv091232070177.cpx c:\windows\system32\yjiujp.dll c:\windows\system32\yomudaki.dll c:\windows\system32\zevayiko.dll c:\windows\system32\zukepive.dll c:\windows\wiaserviv.log . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 )))))))))))))))))))))))))))))))))))) . 2009-03-29 23:38 . 2009-03-29 23:41 <DIR> d-------- C:\ComboFix 2009-03-29 11:18 . 2009-03-29 11:19 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\W Photo Studio Viewer 2009-03-28 23:23 . 2009-03-28 23:23 54,156 --ah----- c:\windows\QTFont.qfn 2009-03-28 23:23 . 2009-03-28 23:23 1,409 --a------ c:\windows\QTFont.for 2009-03-28 11:47 . 2009-03-28 11:47 1,024 --ahs---- c:\windows\system32\rutobuki.dll 2009-03-15 09:07 . 
2009-03-15 09:07 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-03 17:37 . 2009-03-03 17:37 <DIR> d-------- c:\program files\MSECache 2009-02-15 21:16 . 2009-02-15 21:16 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-01 12:53 . 2009-02-07 09:06 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\skypePM 2009-02-01 12:53 . 2009-02-01 12:53 48 --ah----- c:\windows\system32\ezsidmv.dat 2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Skype 2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Common Files\Skype 2009-02-01 12:45 . 2009-02-07 09:12 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\Skype 2009-02-01 12:44 . 2009-02-01 12:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-30 07:14 41,136,160 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-03-30 07:10 485,084 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-03-18 15:02 --------- d-----w c:\program files\Spybot 2009-03-18 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-16 17:07 --------- d-----w c:\documents and settings\Jean-Sebastien\Application Data\Vso 2009-03-12 01:34 102,344 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\GDIPFONTCACHEV1.DAT 2009-03-06 06:05 --------- d-----w c:\program files\IsoBuster 2009-02-27 04:34 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-20 19:03 --------- d-----w c:\program files\eMule 2009-02-11 03:52 5,632 --sha-w c:\program files\Thumbs.db 2009-01-30 20:07 --------- d-----w c:\program files\Avira 2009-01-30 20:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-01-30 19:53 --------- d-----w c:\program files\Fruityloops7 2006-10-30 22:53 0 ----a-w c:\documents and 
settings\Jean-Sebastien\Application Data\wklnhst.dat 1601-01-01 00:12 1,024 --sha-w c:\windows\system32\lenosopo.dll 2008-10-22 19:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102220081023\index.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-08_23.38.15.82 ))))))))))))))))))))))))))))))))))))))))) . + 2008-12-11 12:33:59 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3QFE\srv.sys + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB958687\spmsg.dll + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB958687\spuninst.exe + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB958687\update\spcustom.dll + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958687\update\update.exe + 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958687\update\updspapi.dll + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958687$\spuninst\updspapi.dll + 2008-09-08 10:41:42 333,824 -c----w c:\windows\$NtUninstallKB958687$\srv.sys + 2007-06-25 21:30:10 325,120 ----a-w c:\windows\Downloaded Program Files\dwa7W.dll - 2005-10-20 20:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE - 2005-10-20 20:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE + 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE + 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll + 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll + 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll + 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll + 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll + 2008-10-16 13:11:09 70,656 -c----w 
c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe + 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll + 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll + 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll + 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll + 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll + 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll + 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll + 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll + 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe + 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe + 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll + 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll + 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll + 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll + 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll + 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll + 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll + 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll + 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll + 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll + 2008-10-16 20:38:39 1,160,192 -c----w 
c:\windows\ie7updates\KB961260-IE7\urlmon.dll + 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll + 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll + 2006-10-27 04:12:56 396,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE + 2007-05-08 19:10:18 16,874,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL + 2007-03-22 02:56:50 8,425,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OARTCONV.DLL + 2006-10-27 23:18:34 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OGL.DLL + 2007-05-10 17:04:28 846,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE + 2007-05-10 18:11:42 1,767,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL + 2007-03-22 03:00:06 72,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE + 2007-03-22 02:58:40 4,145,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CNV.DLL + 2007-03-22 02:58:46 24,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12EXE.EXE + 2007-05-10 18:25:40 14,677,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE + 2007-09-15 05:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL + 2007-08-29 08:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OGL.DLL + 2007-08-24 13:00:34 1,767,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PPCNV.DLL + 2007-08-24 13:00:48 72,096 
----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PXBCOM.EXE + 2007-10-03 04:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\XL12CNV.EXE + 2009-03-04 05:03:22 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2000-08-31 08:00:00 28,672 ----a-w c:\windows\NIRCMD.exe + 2000-08-31 15:00:00 29,696 ----a-w c:\windows\NIRCMD.exe - 2000-08-31 08:00:00 161,792 ----a-w c:\windows\SWREG.exe + 2000-08-31 15:00:00 161,792 ----a-w c:\windows\SWREG.exe - 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-03-12 20:29:14 94,465 ----a-w c:\windows\system32\avsda.dll + 2008-09-17 23:29:12 20,040 ----a-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll - 2008-10-22 19:07:49 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-01-16 04:00:12 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-10-22 19:07:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-01-16 04:00:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-10-22 19:07:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-01-16 04:00:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-02-16 04:16:14 410,984 ----a-w c:\windows\system32\deploytk.dll - 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll + 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll - 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll + 2008-12-20 23:15:12 347,136 
-c--a-w c:\windows\system32\dllcache\dxtmsft.dll - 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll - 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll + 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll - 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll + 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll - 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe + 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe - 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll + 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll - 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll + 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll - 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll + 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll - 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll + 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll - 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll + 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll - 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll + 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll - 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll + 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll - 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll + 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll - 2008-10-16 13:11:09 13,824 -c----w 
c:\windows\system32\dllcache\ieudinit.exe + 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe - 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe + 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe - 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll + 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll - 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll + 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll - 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll + 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll - 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll + 2009-01-17 05:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll - 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll + 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll - 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll + 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll - 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll + 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll - 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll + 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll - 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-12-05 06:54:55 144,896 -c----w c:\windows\system32\dllcache\schannel.dll + 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll - 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys + 2008-12-11 10:57:09 333,952 -c----w 
c:\windows\system32\dllcache\srv.sys - 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll + 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll - 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll + 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll - 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll + 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll - 2008-09-15 12:12:56 1,846,400 -c----w c:\windows\system32\dllcache\win32k.sys + 2009-02-09 11:13:27 1,846,784 -c----w c:\windows\system32\dllcache\win32k.sys - 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll + 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll - 2006-11-22 20:30:31 34,304 ----a-w c:\windows\system32\drivers\avgntdd.sys + 2008-05-09 21:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys - 2006-11-22 20:30:31 14,848 ----a-w c:\windows\system32\drivers\avgntmgr.sys + 2008-01-22 02:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys - 2008-12-26 17:07:37 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys + 2008-06-27 23:03:55 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys - 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys + 2008-12-11 10:57:09 333,952 ----a-w c:\windows\system32\drivers\srv.sys - 2007-05-01 06:37:12 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys + 2007-03-01 18:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys + 2009-01-25 18:30:09 83,440 ----a-w c:\windows\system32\dwabho.dll - 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll + 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll - 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll + 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll - 2008-10-16 20:38:35 133,120 ----a-w 
c:\windows\system32\extmgr.dll + 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll - 2008-10-22 19:07:05 337,848 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-03-11 05:29:38 337,848 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-03-29 06:45:32 61,440 --sha-w c:\windows\system32\hajovapa.exe - 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll + 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll - 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe + 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe - 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll + 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll - 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll + 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll - 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll + 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll - 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll + 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll + 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll - 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll + 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll - 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll + 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll - 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll + 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll - 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe - 2005-06-03 10:24:06 49,248 ----a-w c:\windows\system32\java.exe + 2009-02-16 04:16:14 144,792 ----a-w c:\windows\system32\java.exe - 
2005-06-03 10:24:14 49,250 ----a-w c:\windows\system32\javaw.exe + 2009-02-16 04:16:14 144,792 ----a-w c:\windows\system32\javaw.exe - 2005-06-03 11:52:56 127,078 ----a-w c:\windows\system32\javaws.exe + 2009-02-16 04:16:14 148,888 ----a-w c:\windows\system32\javaws.exe - 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll + 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll + 2005-05-16 19:34:48 213,048 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2008-08-13 15:03:26 65,536 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2008-08-13 15:03:26 798,720 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll + 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll + 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2009-01-17 01:20:07 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe - 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll + 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll - 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll + 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll - 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll + 2009-01-17 05:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll - 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll + 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll - 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll + 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll - 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll + 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll - 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll + 2008-12-20 23:15:38 102,912 ----a-w 
c:\windows\system32\occache.dll - 2008-12-26 16:05:13 61,372 ----a-w c:\windows\system32\perfc009.dat + 2009-03-12 14:19:27 61,372 ----a-w c:\windows\system32\perfc009.dat - 2008-12-26 16:05:13 399,050 ----a-w c:\windows\system32\perfh009.dat + 2009-03-12 14:19:27 399,050 ----a-w c:\windows\system32\perfh009.dat - 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll + 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll - 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\schannel.dll + 2008-12-05 06:54:55 144,896 ----a-w c:\windows\system32\schannel.dll - 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll + 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll - 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll + 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll - 2007-08-10 18:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe + 2007-07-27 17:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe - 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll + 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll - 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll + 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll - 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll + 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll - 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\system32\win32k.sys + 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\system32\win32k.sys - 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll + 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll - 2007-06-12 07:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll + 2008-11-12 02:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll + 2009-03-28 18:45:55 61,440 --sha-w c:\windows\system32\wodezoga.exe + 2009-03-30 01:18:28 61,440 --sha-w c:\windows\system32\zagubura.exe + 
2009-03-30 07:11:58 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6a8.dat + 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016] "mogiluhehe"="c:\windows\system32\bafekefe.dll" [bU] "TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.MJPG"= m3jpeg32.dll "vidc.dmb1"= m3jpeg32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Medal of Honor Pacific Assault\\mohpa.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Ubisoft\\Far Cry\\Bin32\\FarCry.exe"= "c:\\Program Files\\VLC\\vlc.exe"= "c:\\Team17\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"= "c:\\Program Files\\Cossacks\\dmcr.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\TPSBattM.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSvcs.exe"= "c:\\Program Files\\Microsoft LifeCam\\MSCamS32.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Spybot\\TeaTimer.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys [2006-10-27 44480] R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-01-30 164097] R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition 
Premium\avwebgrd.exe [2009-01-30 258305] R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-01-30 41217] S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\drivers\Eagle2RC.sys [2007-04-07 8576] S3 Eagle2TV;TV tuner device;c:\windows\system32\drivers\Eagle2TV_B.sys [2007-04-07 384128] S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?] S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\FILESPY.sys --> c:\windows\system32\drivers\FILESPY.sys [?] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-04 13352] S3 NETMDSHA;MDSHA031;c:\windows\system32\drivers\MDSHA031.sys [2008-06-22 35331] S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?] . Contenu du dossier 'Tâches planifiées' 2009-03-29 c:\windows\Tasks\At1.job - c:\documents and settings\Jean-Sebastien\Templates\Brengkolang.com [] 2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2719839664-1612303478-808430666-1005.job - c:\documents and settings\Jean-Sebastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 17:55] 2007-08-25 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job - D:\setup.exe [] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{105bff7d-7cc6-4318-85ac-114a7fb06b5d} - c:\windows\system32\aoqqeo.dll BHO-{42e4ce7c-b1f7-4ec1-a212-ad60ee84a14e} - c:\windows\system32\mikolobe.dll BHO-{5108ecec-4b4c-48c4-8a34-6bd4846de956} - (no file) HKLM-Run-CPM031e4ca0 - c:\windows\system32\bajoduza.dll HKLM-Run-002d7f3c - c:\windows\system32\biniyogi.dll . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.yahoo.fr/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 LSP: avsda.dll . 
************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-30 00:12:31 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
. --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(1096) c:\windows\system32\avsda.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe c:\program files\Avira\AntiVir PersonalEdition Premium\avguard.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\Crypserv.exe c:\windows\system32\DVDRAMSV.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\wscntfy.exe c:\windows\system32\TPSBattM.exe c:\program files\Windows Live\Messenger\usnsvc.exe . ************************************************************************** .
Heure de fin: 2009-03-30 0:20:43 - La machine a redémarré [Jean-Sebastien] ComboFix-quarantined-files.txt 2009-03-30 07:20:37 ComboFix2.txt 2009-01-08 23:39:26 Avant-CF: 4,739,035,136 bytes free Après-CF: 4,657,995,776 bytes free 454 --- E O F --- 2009-03-16 04:04:51 -
[resolved] mikolobe.dll, bakafe.dll ??? Help please :-) ??
djjs posted a topic in Analyses et éradication malwares
Hello to the community, I'm new here. My PC is starting to act up seriously, and I spotted several viruses thanks to HijackThis (mikolobe, bakafe...) but I can't get rid of them. Could you help me, please??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:53 PM, on 3/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Qoobox\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://online-search.c.la/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {d5b60bf7-a411-ca58-8134-6cc7d7ffb501} - {105bff7d-7cc6-4318-85ac-114a7fb06b5d} - C:\WINDOWS\system32\aoqqeo.dll
O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll
O2 - BHO: (no name) - {42e4ce7c-b1f7-4ec1-a212-ad60ee84a14e} - C:\WINDOWS\system32\mikolobe.dll
O2 - BHO: (no name) - {5108ecec-4b4c-48c4-8a34-6bd4846de956} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\bafekefe.dll",s (User 'LOCAL SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://e.absparis.com/qp2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://inside.sfsu.edu/mail04b/dwa7W.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\zukepive.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 10744 bytes

Thanks in advance!