willow93

Membres

Afficher le profil Afficher son activité

Compteur de contenus
25
Inscription
le 4 juillet 2009
Dernière visite
le 19 juin 2011

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par willow93

[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

Encore .... MERCI !!
- le 18 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

L'ordi parait sain ... Mes parents te remercient et demandent comment éviter de re-choper ces virus ? Sachant qu'ils ne téléchargent pas !
- le 18 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

############################## | UsbFix 7.048 | [suppression] Utilisateur: Proprietaire (Administrateur) # ORDI-BUREAU [ ] Mis à jour le 11/06/2011 par TeamXscript Lancé à 11:57:40 | 18/06/2011 Site Web: http://www.teamxscript.org Submit your sample: http://www.teamxscript.org/Upload.php Contact: TeamXscript.ElDesaparecido@gmail.com CPU: AMD Processor model unknown Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Pare-feu Windows: Activé Antivirus: avast! Antivirus 5.0.100664421 [Enabled | Updated] RAM -> 2943 Mo C:\ (%systemdrive%) -> Disque fixe # 298 Go (239 Go libre(s) - 80%) [] # NTFS D:\ -> CD-ROM E:\ -> Disque amovible # 956 Mo (269 Mo libre(s) - 28%) [uDISK] # FAT F:\ -> CD-ROM Z:\ -> Disque fixe # 932 Go (921 Go libre(s) - 99%) [Naudins disk externe] # NTFS ################## | Éléments infectieux | Supprimé! C:\Recycler\S-1-5-21-606747145-1004336348-682003330-1004 Supprimé! Z:\Recycler\S-1-5-21-606747145-1004336348-682003330-1004 ################## | Registre | ################## | Mountpoints2 | Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{72e53365-c981-11de-aec0-0026187689d9} Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{82cf69c4-9f8c-11de-948a-806d6172696f} Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{c1a542fa-6776-11e0-af88-0026187689d9} ################## | Listing | [12/09/2009 - 12:01:45 | D ] C:\5cd38f7d474ff71e7d02efa03b [12/09/2009 - 11:30:41 | N | 0] C:\AUTOEXEC.BAT [17/06/2011 - 18:10:39 | N | 216] C:\boot.ini [14/04/2008 - 14:00:00 | N | 4952] C:\Bootfont.bin [17/06/2011 - 23:21:17 | D ] C:\Config.Msi [12/09/2009 - 11:30:41 | N | 0] C:\CONFIG.SYS [07/11/2009 - 16:39:06 | N | 81] C:\CTX.DAT [12/09/2009 - 11:35:26 | D ] C:\Documents and Settings [12/09/2009 - 11:30:41 | N | 0] C:\IO.SYS [12/09/2009 - 11:30:41 | N | 0] C:\MSDOS.SYS [17/06/2011 - 23:19:15 | RHD ] C:\MSOCache [14/04/2008 - 14:00:00 | N | 47564] C:\NTDETECT.COM [14/04/2008 - 14:00:00 | N | 252240] C:\ntldr [17/06/2011 - 20:58:53 | ASH | 2145386496] C:\pagefile.sys [17/06/2011 - 18:21:32 | N | 512] C:\PhysicalDisk0_MBR.bin [17/06/2011 - 23:56:30 | D ] C:\Program Files [18/06/2011 - 11:59:14 | SHD ] C:\RECYCLER [16/06/2011 - 18:30:32 | SHD ] C:\System Volume Information [17/06/2011 - 18:52:08 | N | 41594] C:\TDSSKiller.2.5.5.0_17.06.2011_18.50.24_log.txt [18/06/2011 - 11:59:14 | D ] C:\UsbFix [18/06/2011 - 11:59:14 | A | 1081] C:\UsbFix.txt [24/12/2009 - 18:42:02 | D ] C:\UT2004 [17/06/2011 - 23:54:57 | D ] C:\WINDOWS [17/06/2011 - 09:53:38 | D ] C:\wins.Bin [17/06/2011 - 20:51:49 | N | 5230] C:\ZHPExportRegistry-17-06-2011-20-51-49.txt [17/06/2011 - 17:15:01 | D ] C:\_OTM [25/05/2011 - 19:25:48 | D ] E:\callanques 2011 [26/12/2009 - 16:20:28 | D ] E:\Chiots de Ork [26/12/2009 - 16:23:02 | D ] E:\cannes 2007 [26/12/2009 - 16:24:16 | D ] E:\chiots 2007 [01/11/2010 - 23:47:54 | D ] E:\chalet coralie [03/09/2010 - 22:16:22 | N | 2776244] E:\appart juju.zip [30/08/2010 - 16:30:18 | D ] E:\avri l2010 anniv ginette [10/01/2011 - 18:02:30 | D ] E:\mariage Mélissa (2) [20/05/2011 - 14:43:38 | D ] E:\alleyras mai 2011 [26/05/2011 - 22:08:17 | D ] Z:\Annie [18/06/2011 - 11:59:14 | SHD ] Z:\RECYCLER [24/05/2011 - 10:47:49 | SHD ] Z:\System Volume Information ################## | Vaccin | C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript) E:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript) Z:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript) ################## | Upload | Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_ORDI-BUREAU.zip http://www.teamxscript.org/Upload.php Merci de votre contribution. ################## | E.O.F |
- le 18 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

############################## | UsbFix 7.048 | [Recherche] Utilisateur: Proprietaire (Administrateur) # ORDI-BUREAU [ ] Mis à jour le 11/06/2011 par TeamXscript Lancé à 23:23:13 | 17/06/2011 Site Web: http://www.teamxscript.org Submit your sample: http://www.teamxscript.org/Upload.php Contact: TeamXscript.ElDesaparecido@gmail.com CPU: AMD Processor model unknown Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Pare-feu Windows: Activé Antivirus: avast! Antivirus 5.0.100664421 [(!) Disabled | Updated] RAM -> 2943 Mo C:\ (%systemdrive%) -> Disque fixe # 298 Go (255 Go libre(s) - 85%) [] # NTFS D:\ -> CD-ROM E:\ -> Disque amovible # 956 Mo (269 Mo libre(s) - 28%) [uDISK] # FAT F:\ -> CD-ROM Z:\ -> Disque fixe # 932 Go (921 Go libre(s) - 99%) [Naudins disk externe] # NTFS ################## | Éléments infectieux | ################## | Registre | ################## | Mountpoints2 | HKCU\.\.\.\.\Explorer\MountPoints2\{72e53365-c981-11de-aec0-0026187689d9} Shell\AutoRun\Command = G:\InstallTomTomHOME.exe HKCU\.\.\.\.\Explorer\MountPoints2\{82cf69c4-9f8c-11de-948a-806d6172696f} Shell\AutoRun\Command = D:\Bin\ASSETUP.exe HKCU\.\.\.\.\Explorer\MountPoints2\{c1a542fa-6776-11e0-af88-0026187689d9} Shell\AutoRun\Command = E:\iStudio.exe ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné! ################## | E.O.F |
- le 17 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

On a l'air bon : Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Version de la base de données: 6880 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 17/06/2011 21:48:24 mbam-log-2011-06-17 (21-48-24).txt Type d'examen: Examen complet (C:\|E:\|Z:\|) Elément(s) analysé(s): 202730 Temps écoulé: 27 minute(s), 24 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Plus de messages d'avast (pour l'instant)
- le 17 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

Bon appétit RogueKiller V5.2.3 [16/06/2011] par Tigzy contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT) mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/24) Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur: Proprietaire [Droits d'admin] Mode: Suppression -- Date : 17/06/2011 19:26:28 Processus malicieux: 0 Entrees de registre: 3 [bLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> DELETED [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) Fichier HOSTS: Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt Rapport de ZHPFix 1.12.3316 par Nicolas Coolman, Update du 16/06/2011 Fichier d'export Registre : Run by Proprietaire at 17/06/2011 20:51:49 Windows XP Home Edition Service Pack 3 (Build 2600) Web site : ZHPFix Fix de rapport ========== Clé(s) du Registre ========== ERREUR CLSID MPSK: {82cf69c4-9f8c-11de-948a-806d6172696f} ERREUR Key: Service Legacy: LEGACY_AMSERVICE ABSENT Key: Service Legacy: LEGACY_SSHNAS SUPPRIME Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler SUPPRIME Key: HKLM\Software\Classes\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF} SUPPRIME Key: HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF ========== Valeur(s) du Registre ========== ABSENT IFC: [FEATURE_BROWSER_EMULATION] svchost.exe ========== Préférences navigateur ========== SUPPRIME Mozilla Pref: user_pref("extensions.asktb.cbid", "H2"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.default-channel-url-mask", "http://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.fresh-install", false); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.l", "dis"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.last-config-req", "1261617542164"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.locale", "fr_FR"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.o", "15455"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.qsrc", "2871"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.r", "2"); ========== Dossier(s) ========== SUPPRIME Temporaires Windows: : 72 SUPPRIME Flash Cookies: 2 ========== Fichier(s) ========== SUPPRIME Temporaires Windows: : 51 SUPPRIME Flash Cookies: 1 ========== Récapitulatif ========== 6 : Clé(s) du Registre 1 : Valeur(s) du Registre 2 : Dossier(s) 2 : Fichier(s) 10 : Préférences navigateur ========== Chemin du fichier rapport ========== C:\Program Files\ZHPDiag\ZHPFixReport.txt End of the scan
- le 17 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

RogueKiller V5.2.3 [16/06/2011] par Tigzy contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT) mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/24) Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur: Proprietaire [Droits d'admin] Mode: Recherche -- Date : 17/06/2011 19:25:55 Processus malicieux: 0 Entrees de registre: 3 [bLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND Fichier HOSTS: Termine : << RKreport[1].txt >> RKreport[1].txt
- le 17 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

2011/06/17 18:50:24.0671 2308 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15 2011/06/17 18:50:24.0859 2308 ================================================================================ 2011/06/17 18:50:24.0859 2308 SystemInfo: 2011/06/17 18:50:24.0859 2308 2011/06/17 18:50:24.0859 2308 OS Version: 5.1.2600 ServicePack: 3.0 2011/06/17 18:50:24.0859 2308 Product type: Workstation 2011/06/17 18:50:24.0859 2308 ComputerName: ORDI-BUREAU 2011/06/17 18:50:24.0859 2308 UserName: Proprietaire 2011/06/17 18:50:24.0859 2308 Windows directory: C:\WINDOWS 2011/06/17 18:50:24.0859 2308 System windows directory: C:\WINDOWS 2011/06/17 18:50:24.0859 2308 Processor architecture: Intel x86 2011/06/17 18:50:24.0859 2308 Number of processors: 1 2011/06/17 18:50:24.0859 2308 Page size: 0x1000 2011/06/17 18:50:24.0859 2308 Boot type: Normal boot 2011/06/17 18:50:24.0875 2308 ================================================================================ 2011/06/17 18:50:25.0453 2308 Initialize success 2011/06/17 18:50:50.0453 2164 ================================================================================ 2011/06/17 18:50:50.0453 2164 Scan started 2011/06/17 18:50:50.0453 2164 Mode: Manual; 2011/06/17 18:50:50.0453 2164 ================================================================================ 2011/06/17 18:50:52.0015 2164 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys 2011/06/17 18:50:52.0171 2164 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/06/17 18:50:52.0250 2164 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/06/17 18:50:52.0359 2164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/06/17 18:50:52.0421 2164 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/06/17 18:50:52.0546 2164 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 2011/06/17 18:50:52.0687 2164 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys 2011/06/17 18:50:52.0734 2164 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys 2011/06/17 18:50:52.0781 2164 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys 2011/06/17 18:50:52.0843 2164 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys 2011/06/17 18:50:52.0875 2164 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys 2011/06/17 18:50:52.0921 2164 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys 2011/06/17 18:50:53.0000 2164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/06/17 18:50:53.0078 2164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/06/17 18:50:53.0140 2164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/06/17 18:50:53.0234 2164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/06/17 18:50:53.0312 2164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/06/17 18:50:53.0375 2164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/06/17 18:50:53.0406 2164 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/06/17 18:50:53.0468 2164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/06/17 18:50:53.0531 2164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/06/17 18:50:53.0609 2164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/06/17 18:50:53.0781 2164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/06/17 18:50:53.0859 2164 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys 2011/06/17 18:50:53.0890 2164 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys 2011/06/17 18:50:53.0906 2164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/06/17 18:50:53.0968 2164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/06/17 18:50:54.0078 2164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/06/17 18:50:54.0140 2164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/06/17 18:50:54.0187 2164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/06/17 18:50:54.0234 2164 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys 2011/06/17 18:50:54.0265 2164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/06/17 18:50:54.0343 2164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/06/17 18:50:54.0390 2164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/06/17 18:50:54.0453 2164 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/06/17 18:50:54.0515 2164 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys 2011/06/17 18:50:54.0562 2164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/06/17 18:50:54.0640 2164 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/06/17 18:50:54.0718 2164 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/06/17 18:50:54.0796 2164 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/06/17 18:50:54.0812 2164 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/06/17 18:50:54.0828 2164 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/06/17 18:50:54.0890 2164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/06/17 18:50:54.0937 2164 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/06/17 18:50:54.0984 2164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/06/17 18:50:55.0187 2164 IntcAzAudAddService (fb4293b1eab313c28d4a1b8db61aca72) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/06/17 18:50:55.0265 2164 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/06/17 18:50:55.0328 2164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/06/17 18:50:55.0343 2164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/06/17 18:50:55.0453 2164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/06/17 18:50:55.0546 2164 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/06/17 18:50:55.0609 2164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/06/17 18:50:55.0656 2164 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/06/17 18:50:55.0687 2164 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/06/17 18:50:55.0718 2164 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/06/17 18:50:55.0781 2164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/06/17 18:50:55.0843 2164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/06/17 18:50:55.0906 2164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/06/17 18:50:55.0937 2164 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys 2011/06/17 18:50:55.0953 2164 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/06/17 18:50:56.0000 2164 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/06/17 18:50:56.0015 2164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/06/17 18:50:56.0046 2164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/06/17 18:50:56.0140 2164 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/06/17 18:50:56.0171 2164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/06/17 18:50:56.0234 2164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/06/17 18:50:56.0281 2164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/06/17 18:50:56.0296 2164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/06/17 18:50:56.0390 2164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/06/17 18:50:56.0437 2164 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/06/17 18:50:56.0500 2164 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 2011/06/17 18:50:56.0578 2164 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/06/17 18:50:56.0625 2164 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/06/17 18:50:56.0687 2164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/06/17 18:50:56.0750 2164 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/06/17 18:50:56.0781 2164 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/06/17 18:50:56.0859 2164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/06/17 18:50:56.0875 2164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/06/17 18:50:56.0921 2164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/06/17 18:50:56.0953 2164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/06/17 18:50:57.0000 2164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/06/17 18:50:57.0046 2164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/06/17 18:50:57.0140 2164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/06/17 18:50:57.0171 2164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/06/17 18:50:57.0531 2164 nv (b095950698abe343f67098d76810f09e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/06/17 18:50:57.0609 2164 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 2011/06/17 18:50:57.0687 2164 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys 2011/06/17 18:50:57.0703 2164 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 2011/06/17 18:50:57.0781 2164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/06/17 18:50:57.0812 2164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/06/17 18:50:57.0859 2164 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/06/17 18:50:57.0890 2164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/06/17 18:50:57.0906 2164 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/06/17 18:50:57.0984 2164 PCAMPR5 (b670c5d89f0726b7a2a7dfb4e968cdf8) C:\WINDOWS\system32\PCAMPR5.SYS 2011/06/17 18:50:58.0015 2164 PCANDIS5 (ecd2f9d67b06606064daf6961a6d5efe) C:\WINDOWS\system32\PCANDIS5.SYS 2011/06/17 18:50:58.0062 2164 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/06/17 18:50:58.0093 2164 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/06/17 18:50:58.0109 2164 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/06/17 18:50:58.0296 2164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/06/17 18:50:58.0390 2164 PQNTDrv (04f3971b70a7855f04d351aa4bee7799) C:\WINDOWS\system32\drivers\PQNTDrv.sys 2011/06/17 18:50:58.0453 2164 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/06/17 18:50:58.0484 2164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/06/17 18:50:58.0500 2164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/06/17 18:50:58.0562 2164 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/06/17 18:50:58.0687 2164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/06/17 18:50:58.0703 2164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/06/17 18:50:58.0734 2164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/06/17 18:50:58.0750 2164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/06/17 18:50:58.0781 2164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/06/17 18:50:58.0812 2164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/06/17 18:50:58.0890 2164 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/06/17 18:50:58.0937 2164 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/06/17 18:50:59.0031 2164 RSUSBSTOR (6b065c88a4c05cf44793ac2bfc331ac5) C:\WINDOWS\system32\Drivers\RtsUStor.sys 2011/06/17 18:50:59.0093 2164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/06/17 18:50:59.0171 2164 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/06/17 18:50:59.0187 2164 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/06/17 18:50:59.0218 2164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/06/17 18:50:59.0312 2164 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/06/17 18:50:59.0359 2164 SoC PC-Camera Service (93f11cceab41a47a0a6317b640b3b807) C:\WINDOWS\system32\DRIVERS\pfc027.sys 2011/06/17 18:50:59.0390 2164 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 2011/06/17 18:50:59.0484 2164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/06/17 18:50:59.0609 2164 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 2011/06/17 18:50:59.0609 2164 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/06/17 18:50:59.0625 2164 sptd - detected LockedFile.Multi.Generic (1) 2011/06/17 18:50:59.0656 2164 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/06/17 18:50:59.0703 2164 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/06/17 18:50:59.0750 2164 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/06/17 18:50:59.0796 2164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/06/17 18:50:59.0875 2164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/06/17 18:51:00.0000 2164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/06/17 18:51:00.0046 2164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/06/17 18:51:00.0109 2164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/06/17 18:51:00.0125 2164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/06/17 18:51:00.0171 2164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/06/17 18:51:00.0250 2164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/06/17 18:51:00.0328 2164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/06/17 18:51:00.0390 2164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/06/17 18:51:00.0421 2164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/06/17 18:51:00.0484 2164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/06/17 18:51:00.0546 2164 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/06/17 18:51:00.0593 2164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/06/17 18:51:00.0625 2164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/06/17 18:51:00.0656 2164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/06/17 18:51:00.0703 2164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/06/17 18:51:00.0781 2164 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/06/17 18:51:00.0828 2164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/06/17 18:51:00.0906 2164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/06/17 18:51:01.0015 2164 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/06/17 18:51:01.0078 2164 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/06/17 18:51:01.0093 2164 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/06/17 18:51:01.0125 2164 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/06/17 18:51:01.0171 2164 MBR (0x1B8) (dad11e2a62df7f44f938c5059e874339) \Device\Harddisk0\DR0 2011/06/17 18:51:01.0171 2164 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/06/17 18:51:01.0171 2164 MBR (0x1B8) (26650c08ac5546b66c62409f7a54ada4) \Device\Harddisk1\DR2 2011/06/17 18:51:01.0234 2164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR3 2011/06/17 18:51:01.0296 2164 ================================================================================ 2011/06/17 18:51:01.0296 2164 Scan finished 2011/06/17 18:51:01.0296 2164 ================================================================================ 2011/06/17 18:51:01.0312 2152 Detected object count: 2 2011/06/17 18:51:01.0312 2152 Actual detected object count: 2 2011/06/17 18:51:21.0156 2152 LockedFile.Multi.Generic(sptd) - User select action: Skip 2011/06/17 18:51:21.0187 2152 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/06/17 18:51:21.0187 2152 \Device\Harddisk0\DR0 - ok 2011/06/17 18:51:21.0187 2152 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 2011/06/17 18:52:08.0453 3800 Deinitialize success édit : c'est peut être lié mais maintenant l'upload remarche : http://www.cijoint.fr/cjlink.php?file=cj201106/cijaU4bXXw.txt
- le 17 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

Trés bizzard je ne peut pas Uploader le fichier... sur aucun des liens que tu m'a filé... "La connexion a été réinitialisée La connexion avec le serveur a été réinitialisée pendant le chargement de la page." edit : j'ai vu ton message, non tu est meme plutot très rapide ! Ok je dis plus rien
- le 17 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

au fait le processus Svchost.exe orend une ressource énorme qui augmente avec le temps (167 204 Ko) peut etre faudrait il creuser de ce coté la ?
- le 17 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

Pour info c'est le PC de mes parents qui sont un peu Noobs... Rapport Scan : ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 17:51:56 le 17/06/2011, Mode normal Microsoft Windows XP Édition familiale Service Pack 3 (X86) Proprietaire@ORDI-BUREAU ( ) ============== RECHERCHE ============== Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Fichier trouvé: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\searchplugins\askcom.xml Dossier trouvé: C:\Documents and Settings\Proprietaire\Local Settings\Application Data\AskToolbar -- Fichier ouvert: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\Prefs.js -- Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com"); Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com"); Ligne trouvée: user_pref("browser.search.order.1", "Ask.com"); Ligne trouvée: user_pref("extensions.asktb.cbid", "H2"); Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&... Ligne trouvée: user_pref("extensions.asktb.fresh-install", false); Ligne trouvée: user_pref("extensions.asktb.l", "dis"); Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1261617542164"); Ligne trouvée: user_pref("extensions.asktb.locale", "fr_FR"); Ligne trouvée: user_pref("extensions.asktb.o", "15455"); Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871"); Ligne trouvée: user_pref("extensions.asktb.r", "2"); -- Fichier Fermé -- Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Clé trouvée: HKCU\Software\Ask.com Clé trouvée: HKCU\Software\AskToolbar Clé trouvée: HKCU\Software\AppDataLow\AskBarDis Clé trouvée: HKCU\Software\AppDataLow\AskHomePage Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [4.0.1 (fr)] **** HKLM_MozillaPlugins\Adobe Reader (x) Searchplugins\bing.xml ( hxxp://www.bing.com/search) Searchplugins\pucuy.xml (hxxp://www.pucuy.com/google) Components\AskHPRFF.js Components\browsercomps.dll (Mozilla Foundation) -- C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default -- Extensions\toolbar@iadah.com (?) Extensions\z0rya@free.fr (zoryazilla) Searchplugins\askcom.xml (?) Searchplugins\iadah.xml (<SearchPlugin xmlns=hxxp://www.mozilla.org/2006/browser/search/<ShortNameiadah</ShortName<Descriptioniadah</Description<...) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Proprietaire\\Mes documents\\Annie Prefs.js - browser.search.defaultenginename, Ask.com Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxps://www.google.fr Prefs.js - browser.startup.homepage_override.buildID, 20110413222027 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1 Prefs.js - keyword.URL, hxxp://www.iadah.com/web-B-8?search&q= ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie HKCU_Main|Search Page - hxxp://www.google.com HKCU_Main|Start Page - hxxps://www.facebook.com HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://www.pucuy.com/ HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll) HKCU_SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2EAA} - "Search" (hxxp://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-35468619388...) HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=BT4&o=15455&src=crm&q={searchTerm...) HKCU_SearchScopes\{e3dccd12-aa1a-48c5-a38b-518a9c35992f} - "iadah" (hxxp://www.iadah.com/web-B-8?search&q={searchTerms}) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x) HKLM_Toolbar|{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} (C:\Program Files\DevNet\Toolbar\DevNet.dll) HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (x) HKCU_ElevationPolicy\{D3DE705E-0BB6-47E6-AB61-6FF78BE040A0} - C:\Program Files\Internet Explorer\minftnet.exe (Synersoft) HKLM_ElevationPolicy\{43023B0B-C598-4935-808C-990E0C700723} - C:\Program Files\DevNet\Toolbar\DevNetUpdater.exe (DevNet) HKLM_ElevationPolicy\{569591D2-F221-4115-9A89-762956BEB3C0} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe (?) HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (x) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{2E59C859-1AF3-0080-5D44-BD22E7CE3009} - "?" (c:\windows\system32\uxatbtdb.dll) (x) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files\Ad-Remover\Backup: 1 Fichier(s) C:\Ad-Report-SCAN[1].txt - 17/06/2011 17:55:10 (3963 Octet(s)) Fin à: 17:56:41, 17/06/2011 ============== E.O.F ============== Rapport Clean: ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:59:17 le 17/06/2011, Mode normal Microsoft Windows XP Édition familiale Service Pack 3 (X86) Proprietaire@ORDI-BUREAU ( ) ============== ACTION(S) ============== Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js Fichier supprimé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Fichier supprimé: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\searchplugins\askcom.xml Dossier supprimé: C:\Documents and Settings\Proprietaire\Local Settings\Application Data\AskToolbar (!) -- Fichiers temporaires supprimés. -- Fichier ouvert: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\Prefs.js -- Ligne supprimée: user_pref("browser.search.defaultengine", "Ask.com"); Ligne supprimée: user_pref("browser.search.defaultenginename", "Ask.com"); Ligne supprimée: user_pref("browser.search.order.1", "Ask.com"); Ligne supprimée: user_pref("extensions.asktb.cbid", "H2"); Ligne supprimée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&... Ligne supprimée: user_pref("extensions.asktb.fresh-install", false); Ligne supprimée: user_pref("extensions.asktb.l", "dis"); Ligne supprimée: user_pref("extensions.asktb.last-config-req", "1261617542164"); Ligne supprimée: user_pref("extensions.asktb.locale", "fr_FR"); Ligne supprimée: user_pref("extensions.asktb.o", "15455"); Ligne supprimée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Ligne supprimée: user_pref("extensions.asktb.qsrc", "2871"); Ligne supprimée: user_pref("extensions.asktb.r", "2"); -- Fichier Fermé -- Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Clé supprimée: HKCU\Software\Ask.com Clé supprimée: HKCU\Software\AskToolbar Clé supprimée: HKCU\Software\AppDataLow\AskBarDis Clé supprimée: HKCU\Software\AppDataLow\AskHomePage Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [4.0.1 (fr)] **** HKLM_MozillaPlugins\Adobe Reader (x) Searchplugins\bing.xml ( hxxp://www.bing.com/search) Searchplugins\pucuy.xml (hxxp://www.pucuy.com/google) Components\browsercomps.dll (Mozilla Foundation) -- C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default -- Extensions\toolbar@iadah.com (?) Extensions\z0rya@free.fr (zoryazilla) Searchplugins\iadah.xml (<SearchPlugin xmlns=hxxp://www.mozilla.org/2006/browser/search/<ShortNameiadah</ShortName<Descriptioniadah</Description<...) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Proprietaire\\Mes documents\\Annie Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxps://www.google.fr Prefs.js - browser.startup.homepage_override.buildID, 20110413222027 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1 Prefs.js - keyword.URL, hxxp://www.iadah.com/web-B-8?search&q= ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll) HKCU_SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2EAA} - "Search" (hxxp://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-35468619388...) HKCU_SearchScopes\{e3dccd12-aa1a-48c5-a38b-518a9c35992f} - "iadah" (hxxp://www.iadah.com/web-B-8?search&q={searchTerms}) HKLM_Toolbar|{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} (C:\Program Files\DevNet\Toolbar\DevNet.dll) HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) HKCU_ElevationPolicy\{D3DE705E-0BB6-47E6-AB61-6FF78BE040A0} - C:\Program Files\Internet Explorer\minftnet.exe (Synersoft) HKLM_ElevationPolicy\{43023B0B-C598-4935-808C-990E0C700723} - C:\Program Files\DevNet\Toolbar\DevNetUpdater.exe (DevNet) HKLM_ElevationPolicy\{569591D2-F221-4115-9A89-762956BEB3C0} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{2E59C859-1AF3-0080-5D44-BD22E7CE3009} - "?" (c:\windows\system32\uxatbtdb.dll) (x) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 5 Fichier(s) C:\Program Files\Ad-Remover\Backup: 15 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 17/06/2011 17:59:29 (4090 Octet(s)) C:\Ad-Report-SCAN[1].txt - 17/06/2011 17:55:10 (7770 Octet(s)) Fin à: 18:01:26, 17/06/2011 ============== E.O.F ============== Toujours un message d'avast...
- le 17 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

pour précision Avast detecte toujours une menace sur svchost j'ai refait un Hijack, voici le log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:37:04, on 17/06/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\program files\real\realplayer\update\realsched.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe C:\Documents and Settings\Proprietaire\Mes documents\Téléchargements\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Navigateur incompatible | Facebook R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = pucuy.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {2E59C859-1AF3-0080-5D44-BD22E7CE3009} - c:\windows\system32\uxatbtdb.dll (file missing) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Iadah Toolbar - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - C:\Program Files\DevNet\Toolbar\DevNet.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_SE6.tmp" /EF "HKCU" O4 - HKCU\..\Run: [5X5WWG2X4H9D6B4XAQHOHZEHTGIJ] C:\wins.Bin\353F139947E.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9CA2FBF0-EF75-4B29-AA1B-E7D88382756E}: NameServer = 192.168.1.1 O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9249 bytes
- le 17 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

Merci de ta réponse rapide Voici le rapport : All processes killed Error: Unable to interpret <Go> in the current context! ========== FILES ========== c:\program files\Ask.com folder moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 115616 bytes ->Temporary Internet Files folder emptied: 29297652 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 11598 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 478434636 bytes ->Java cache emptied: 44187 bytes ->Flash cache emptied: 19961 bytes User: Proprietaire ->Temp folder emptied: 496265748 bytes ->Temporary Internet Files folder emptied: 21804769 bytes ->Java cache emptied: 1169078 bytes ->FireFox cache emptied: 97774167 bytes ->Google Chrome cache emptied: 6138516 bytes ->Flash cache emptied: 116950 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 104825353 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 133825453 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 590947073 bytes Total Files Cleaned = 1 870,00 mb OTM by OldTimer - Version 3.1.18.0 log created on 06172011_171501 Files moved on Reboot... C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W2VCUD84\search[4].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QH5LDSLE\activityi;src=2507573;type=ads-a681;cat=ads-a455;ord=6557592470850[1].htm moved successfully. File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QH5LDSLE\google_fr[1].txt not found! C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Q8PLHB23\language_tools[1].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OXWWETX6\search[3].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OXWWETX6\search[4].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CYXIJ5OT\search[3].txt moved successfully. File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9V28QC3Q\js_minified[2].js not found! File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6G925CP5\TOS[1].txt not found! File C:\Documents and Settings\Proprietaire\Local Settings\Temp\Répertoire temporaire 2 pour Pinnacle Studio 9.4.3 Multilanguage Claves De Activacion Hollywood Fx 5.1 Plus Extra Packs Maunal Y Efectos.par.eMule-Paradise.com.zip\MANUAL Completo - Pinnacle Studio 9 en Español [uge not found! File C:\Documents and Settings\Proprietaire\Local Settings\Temp\Répertoire temporaire 1 pour Pinnacle Studio 9.4.3 Multilanguage Claves De Activacion Hollywood Fx 5.1 Plus Extra Packs Maunal Y Efectos.par.eMule-Paradise.com.zip\MANUAL Completo - Pinnacle Studio 9 en Español [uge not found! C:\Documents and Settings\Proprietaire\Local Settings\Temporary Internet Files\Content.IE5\S2LN7M67\list-item-plus[1].png moved successfully. C:\Documents and Settings\Proprietaire\Local Settings\Temporary Internet Files\Content.IE5\6NZ2I8O1\background_button_green_full[1].png moved successfully. File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...
- le 17 juin 2011
- 25 réponses
[Résolu] PC Infecté

willow93 a posté un sujet dans Analyses et éradication malwares

Bonjour, J'ai tenté d'éliminer plusieurs virus/malwares sans succès (acev Avast et antivir + malwarebytes) Voici le rapport Hijack This Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:32:28, on 17/06/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\svchost.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Proprietaire\Mes documents\Téléchargements\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Navigateur incompatible | Facebook R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = pucuy.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {2E59C859-1AF3-0080-5D44-BD22E7CE3009} - c:\windows\system32\uxatbtdb.dll (file missing) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Iadah Toolbar - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - C:\Program Files\DevNet\Toolbar\DevNet.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_SE6.tmp" /EF "HKCU" O4 - HKCU\..\Run: [5X5WWG2X4H9D6B4XAQHOHZEHTGIJ] C:\wins.Bin\353F139947E.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9CA2FBF0-EF75-4B29-AA1B-E7D88382756E}: NameServer = 192.168.1.1 O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9721 bytes
- le 17 juin 2011
- 25 réponses
Crash de l'ordi du à virus ?

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

Personne pour m'aider ?
- le 1 mai 2010
- 1 réponse
Crash de l'ordi du à virus ?

willow93 a posté un sujet dans Analyses et éradication malwares

Salut à tous Voila, j'ai un bug sur mon ordi, il plante au bout de quelques minutes, plus précisément tout se fige, ctrl+supr inefficace Je précise que j'ai été infecté recemment par Antivur Doctor ou un truc comme ça. Peut être en reste il des traces... Aucun malware détecté par Malwarebytes Voici mon rapport HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:56:43, on 30/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe K:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE K:\Program Files\Avira\AntiVir Desktop\avgnt.exe K:\Program Files\QuickTime\qttask.exe K:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe K:\Program Files\Avira\AntiVir Desktop\avguard.exe L:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE L:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\Program Files\Java\jre6\bin\jqs.exe k:\Program Files\NetLimiter 2 Pro\nlsvc.exe C:\WINDOWS\System32\svchost.exe k:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\wuauclt.exe k:\Program Files\NetLimiter 2 Pro\NLClient.exe K:\Program Files\firefox.exe L:\Willow\programmes\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&l=dis R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: hotrevenue browser enhancer - {DB704689-3FF5-A289-4309-D30A083463BF} - C:\WINDOWS\system32\tbojphdlxsegpie.dll (file missing) O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [avgnt] "K:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [superCopier2.exe] K:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [EPSON Stylus SX400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S1E.tmp" /EF "HKCU" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1268517640233 O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - K:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - K:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - L:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - L:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - L:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - k:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - k:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 5679 bytes Vous voyer quelque chose de louche ? Merci d'avance
- le 30 avril 2010
- 1 réponse
[Résolu, en 24h !] Pubs intempestives + ctrl alt + supr

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

Re Nan je n'ai pas fait de restauration pc... En fait normalement, je tourne sous Linux, qui est beaucoup moins touché (sinon pas du tout) pas ces saloperies... Mais effectivement j'avais eu le même problème il y a quelque temps. Le logiciel installé : carto explorer, un logiciel de cartographie IGN qui va m'aider à préparer mes randos futures Sinon plus aucuns problemes, ctrl alt suppr récupéré (utile sous Windows ! ) Régedit aussi et plus de saloperies de pubs et plus de pubs pour des sonneries portable Voila donc je me resolu ! Messages : 14396 Inscrit : 24/02/2005 Cela fait du 7.88 messages par jour en moyenne, ca me parait énorme ! Bravo
- le 21 février 2010
- 10 réponses
[Résolu, en 24h !] Pubs intempestives + ctrl alt + supr

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

Logfile of random's system information tool 1.06 (written by random/random) Run by cageux at 2010-02-20 21:37:14 Microsoft Windows XP Édition familiale Service Pack 3 System drive D: has 41 GB (68%) free of 60 GB Total RAM: 2046 MB (78% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:37:16, on 20/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Avira\AntiVir Desktop\sched.exe D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe D:\Program Files\SuperCopier2\SuperCopier2.exe D:\Program Files\Avira\AntiVir Desktop\avguard.exe D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE D:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\Google\Update\GoogleUpdate.exe D:\Program Files\NetLimiter 2 Pro\nlsvc.exe D:\WINDOWS\System32\nvsvc32.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\NetLimiter 2 Pro\NLClient.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\cageux\Bureau\RSIT.exe D:\Documents and Settings\cageux\Mes documents\Téléchargements\cageux.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [superCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - E:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Media Center 14 Service - J. River, Inc. - D:\Program Files\J River\Media Center 14\JRService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe -- End of file - 4985 bytes ======Scheduled tasks folder====== D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-28 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-28 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=D:\WINDOWS\System32\NvCpl.dll [2008-03-24 13524992] "avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SunJavaUpdateSched"=D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-01-11 246504] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SuperCopier2.exe"=D:\Program Files\SuperCopier2\SuperCopier2.exe [2009-08-16 955392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] D:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [2007-12-17 188928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series (Copie 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [2007-12-17 188928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-01-23 30192] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] D:\Program Files\Messenger\msmsgs.exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] D:\WINDOWS\System32\NvMcTray.dll [2008-03-24 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] D:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] D:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shutdown] D:\Program Files\CHRYOPROD\Shutdown-IT\Shutdown-it.exe [2009-04-19 516608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\Program Files\Dragon Age\bin_ship\daorigins.exe"="E:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Jeu" "E:\Program Files\Dragon Age\DAOriginsLauncher.exe"="E:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Lanceur" "E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Application de mise à jour" "D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "D:\Program Files\aMSN\bin\wish.exe"="D:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application" "D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "D:\Program Files\J River\Media Center 14\Media Center 14.exe"="D:\Program Files\J River\Media Center 14\Media Center 14.exe:*:Enabled:Media Center" "D:\Program Files\Java\jre6\launch4j-tmp\aTunes.exe"="D:\Program Files\Java\jre6\launch4j-tmp\aTunes.exe:*:Enabled:Java Platform SE binary" "D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule" "E:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe"="E:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Jeu" "E:\Program Files\Mass Effect 2\MassEffect2Launcher.exe"="E:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Lanceur" "D:\Program Files\Java\jre6\bin\javaw.exe"="D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7fa552f-0690-11df-bef1-806d6172696f}] shell\AutoRun\command - K:\autorun.exe -auto ======List of files/folders created in the last 1 months====== 2010-02-20 18:36:25 ----D---- D:\_OTM 2010-02-20 11:33:37 ----A---- D:\WINDOWS\system32\CmdLineExt.dll 2010-02-20 11:28:36 ----A---- D:\WINDOWS\system32\x9.dll 2010-02-20 11:28:36 ----A---- D:\WINDOWS\system32\OgcDrvSuu.dll 2010-02-20 11:28:36 ----A---- D:\WINDOWS\system32\OgcDrvSilva.dll 2010-02-20 11:28:36 ----A---- D:\WINDOWS\system32\OgcDrvSena.dll 2010-02-20 11:28:36 ----A---- D:\WINDOWS\system32\OgcDrvPyx.dll 2010-02-20 11:28:36 ----A---- D:\WINDOWS\system32\OgcDrvMlr.dll 2010-02-20 11:28:36 ----A---- D:\WINDOWS\system32\OgcDrvMagellan.dll 2010-02-20 11:28:36 ----A---- D:\WINDOWS\system32\OgcDrvLowrance.dll 2010-02-20 11:28:36 ----A---- D:\WINDOWS\system32\OgcDrvGarmin.dll 2010-02-20 11:28:36 ----A---- D:\WINDOWS\system32\OgcDrvAvmap.dll 2010-02-20 11:28:16 ----A---- D:\WINDOWS\system32\RCalcul.dll 2010-02-20 11:28:16 ----A---- D:\WINDOWS\system32\Polyclip.dll 2010-02-20 11:28:16 ----A---- D:\WINDOWS\system32\Ogc.dll 2010-02-20 11:28:16 ----A---- D:\WINDOWS\system32\Nmea.dll 2010-02-20 11:28:16 ----A---- D:\WINDOWS\system32\CreateReg.exe 2010-02-20 11:28:16 ----A---- D:\WINDOWS\system32\CP30FW.DLL 2010-02-20 11:28:16 ----A---- D:\WINDOWS\system32\ConversApi.dll 2010-02-20 11:28:16 ----A---- D:\WINDOWS\system32\BCGCBResFRA.dll 2010-02-20 11:28:16 ----A---- D:\WINDOWS\system32\BCGCB474.dll 2010-02-20 11:28:16 ----A---- D:\WINDOWS\system32\arxexprt.dll 2010-02-20 11:28:11 ----D---- D:\WINDOWS\system32\Bayo 2010-02-20 11:28:11 ----D---- D:\Program Files\Fichiers communs\Bayo 2010-02-20 11:28:11 ----D---- D:\Program Files\Bayo 2010-02-20 11:20:54 ----HDC---- D:\Documents and Settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B} 2010-02-20 11:20:51 ----D---- D:\Program Files\Lavasoft 2010-02-20 11:20:51 ----D---- D:\Documents and Settings\All Users\Application Data\Lavasoft 2010-02-20 10:38:46 ----D---- D:\rsit 2010-02-20 01:47:13 ----D---- D:\Documents and Settings\cageux\Application Data\Malwarebytes 2010-02-20 01:47:07 ----D---- D:\Program Files\Malwarebytes' Anti-Malware 2010-02-20 01:47:07 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-02-20 00:55:01 ----D---- D:\WINDOWS\system32\appmgmt 2010-02-20 00:40:07 ----HD---- D:\WINDOWS\system32\GroupPolicy 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\gptext.dll 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\gpedit.msc 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\gpedit.dll 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\fdeploy.dll 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\fde.dll 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\appmgr.dll 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\appmgmts.dll 2010-02-20 00:30:38 ----D---- D:\Documents and Settings\cageux\Application Data\QuickScan 2010-02-19 15:34:53 ----D---- D:\Documents and Settings\cageux\Application Data\c1 2010-02-19 15:33:30 ----D---- D:\Documents and Settings\cageux\Application Data\c2 2010-02-14 18:40:13 ----D---- D:\Program Files\PeerTV 2010-02-14 17:24:57 ----D---- D:\Program Files\RealVNC 2010-02-12 11:36:00 ----A---- D:\WINDOWS\system32\unrar.dll 2010-02-12 11:36:00 ----A---- D:\WINDOWS\avisplitter.ini 2010-02-12 11:35:59 ----A---- D:\WINDOWS\system32\yv12vfw.dll 2010-02-12 11:35:59 ----A---- D:\WINDOWS\system32\xvidvfw.dll 2010-02-12 11:35:59 ----A---- D:\WINDOWS\system32\xvidcore.dll 2010-02-12 11:35:57 ----A---- D:\WINDOWS\system32\ff_vfw.dll.manifest 2010-02-12 11:35:57 ----A---- D:\WINDOWS\system32\ff_vfw.dll 2010-02-12 11:35:56 ----D---- D:\Program Files\K-Lite Codec Pack 2010-02-11 01:02:52 ----D---- D:\Program Files\JDownloader 2010-02-07 14:00:50 ----D---- D:\Program Files\OpenAL 2010-02-07 14:00:50 ----A---- D:\WINDOWS\system32\wrap_oal.dll 2010-02-07 14:00:50 ----A---- D:\WINDOWS\system32\OpenAL32.dll 2010-02-07 13:54:56 ----D---- D:\WINDOWS\system32\Futuremark 2010-02-07 13:54:56 ----D---- D:\Program Files\Fichiers communs\Futuremark Shared 2010-02-07 03:04:42 ----A---- D:\WINDOWS\system32\D3DX9_41.dll 2010-02-07 03:04:42 ----A---- D:\WINDOWS\system32\d3dx10_41.dll 2010-02-07 03:04:42 ----A---- D:\WINDOWS\system32\D3DCompiler_41.dll 2010-02-07 03:04:41 ----A---- D:\WINDOWS\system32\XAudio2_4.dll 2010-02-07 03:04:41 ----A---- D:\WINDOWS\system32\xactengine3_4.dll 2010-02-07 03:04:41 ----A---- D:\WINDOWS\system32\X3DAudio1_6.dll 2010-02-07 03:04:41 ----A---- D:\WINDOWS\system32\d3dx10_40.dll 2010-02-07 03:04:41 ----A---- D:\WINDOWS\system32\D3DCompiler_40.dll 2010-02-07 03:04:40 ----A---- D:\WINDOWS\system32\XAudio2_3.dll 2010-02-07 03:04:40 ----A---- D:\WINDOWS\system32\XAPOFX1_2.dll 2010-02-07 03:04:40 ----A---- D:\WINDOWS\system32\xactengine3_3.dll 2010-02-07 03:04:40 ----A---- D:\WINDOWS\system32\D3DX9_40.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\XAudio2_2.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\xactengine3_2.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\X3DAudio1_5.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\d3dx10_39.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll 2010-02-07 03:04:38 ----A---- D:\WINDOWS\system32\XAudio2_1.dll 2010-02-07 03:04:38 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll 2010-02-07 03:04:37 ----A---- D:\WINDOWS\system32\xactengine3_1.dll 2010-02-07 03:04:37 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll 2010-02-07 03:04:37 ----A---- D:\WINDOWS\system32\D3DX9_38.dll 2010-02-07 03:04:37 ----A---- D:\WINDOWS\system32\d3dx10_38.dll 2010-02-07 03:04:37 ----A---- D:\WINDOWS\system32\D3DCompiler_38.dll 2010-02-07 03:04:36 ----A---- D:\WINDOWS\system32\XAudio2_0.dll 2010-02-07 03:04:36 ----A---- D:\WINDOWS\system32\xactengine3_0.dll 2010-02-07 03:04:36 ----A---- D:\WINDOWS\system32\X3DAudio1_3.dll 2010-02-07 03:04:36 ----A---- D:\WINDOWS\system32\d3dx10_37.dll 2010-02-07 03:04:36 ----A---- D:\WINDOWS\system32\D3DCompiler_37.dll 2010-02-07 03:04:35 ----A---- D:\WINDOWS\system32\D3DX9_37.dll 2010-02-07 03:03:59 ----A---- D:\WINDOWS\system32\XAudio2_5.dll 2010-02-07 03:03:59 ----A---- D:\WINDOWS\system32\XAPOFX1_3.dll 2010-02-07 03:03:59 ----A---- D:\WINDOWS\system32\xactengine3_5.dll 2010-02-07 03:03:59 ----A---- D:\WINDOWS\system32\D3DCompiler_42.dll 2010-02-07 03:03:58 ----A---- D:\WINDOWS\system32\d3dcsx_42.dll 2010-02-07 03:03:57 ----A---- D:\WINDOWS\system32\d3dx11_42.dll 2010-02-07 03:03:56 ----A---- D:\WINDOWS\system32\d3dx10_42.dll 2010-02-07 03:03:54 ----A---- D:\WINDOWS\system32\D3DX9_42.dll 2010-02-02 23:56:31 ----D---- D:\Program Files\TagRename 2010-02-02 11:52:57 ----D---- D:\Documents and Settings\cageux\Application Data\gtk-2.0 2010-02-02 01:23:32 ----D---- D:\Program Files\GIMP-2.0 2010-01-29 01:33:28 ----D---- D:\Program Files\eMule 2010-01-29 01:26:10 ----D---- D:\Documents and Settings\All Users\Application Data\nView_Profiles 2010-01-29 01:15:41 ----D---- D:\Program Files\EarthView 2010-01-29 01:15:41 ----D---- D:\Documents and Settings\cageux\Application Data\DeskSoft 2010-01-29 01:02:47 ----D---- D:\Documents and Settings\cageux\Application Data\360desktop 2010-01-29 00:46:20 ----D---- D:\Documents and Settings\cageux\Application Data\ID3-TagIT 3 2010-01-29 00:44:38 ----D---- D:\Program Files\Desktop Lighter 2010-01-29 00:44:31 ----D---- D:\Program Files\ID3-TagIT 3 2010-01-29 00:44:31 ----D---- D:\Documents and Settings\All Users\Application Data\ID3-TagIT 3 2010-01-29 00:03:23 ----D---- D:\Program Files\The GodFather 2010-01-28 23:11:32 ----D---- D:\Documents and Settings\cageux\Application Data\vlc 2010-01-28 23:11:32 ----D---- D:\Documents and Settings\cageux\Application Data\dvdcss 2010-01-28 01:20:51 ----D---- D:\Program Files\Codeforge 2010-01-28 00:40:11 ----D---- D:\Program Files\aTunes 2010-01-28 00:30:50 ----D---- D:\Program Files\Jajuk 2010-01-28 00:28:43 ----D---- D:\Documents and Settings\All Users\Application Data\Sun 2010-01-28 00:28:42 ----D---- D:\Program Files\Fichiers communs\Java 2010-01-28 00:28:26 ----A---- D:\WINDOWS\system32\javaws.exe 2010-01-28 00:28:26 ----A---- D:\WINDOWS\system32\javaw.exe 2010-01-28 00:28:26 ----A---- D:\WINDOWS\system32\java.exe 2010-01-28 00:28:26 ----A---- D:\WINDOWS\system32\deploytk.dll 2010-01-28 00:28:17 ----D---- D:\Program Files\Java 2010-01-28 00:24:48 ----D---- D:\Program Files\musikCube_1.0 2010-01-28 00:23:18 ----D---- D:\Documents and Settings\cageux\Application Data\Sun 2010-01-28 00:19:58 ----N---- D:\WINDOWS\system32\MC14.exe 2010-01-28 00:19:58 ----N---- D:\WINDOWS\system32\BBInstaller.exe 2010-01-28 00:19:58 ----N---- D:\WINDOWS\system32\AudDevicePlugin.dll 2010-01-28 00:19:58 ----N---- D:\WINDOWS\system32\AReadyLB.dll 2010-01-28 00:19:58 ----A---- D:\WINDOWS\system32\net32gdilib.dll 2010-01-28 00:19:56 ----A---- D:\WINDOWS\system32\D3DX9_39.dll 2010-01-28 00:19:52 ----D---- D:\WINDOWS\Logs 2010-01-28 00:18:02 ----D---- D:\Program Files\J River 2010-01-28 00:17:46 ----D---- D:\Documents and Settings\cageux\Application Data\J River 2010-01-27 11:24:32 ----A---- D:\WINDOWS\system32\escwiad.dll 2010-01-27 11:24:31 ----D---- D:\Program Files\epson 2010-01-26 11:58:38 ----D---- D:\Documents and Settings\All Users\Application Data\Adobe 2010-01-26 11:58:26 ----D---- D:\Program Files\Fichiers communs\Adobe 2010-01-26 11:58:26 ----D---- D:\Program Files\Adobe 2010-01-26 01:41:56 ----HDC---- D:\WINDOWS\$NtUninstallKB961118$ 2010-01-26 01:25:16 ----D---- D:\Documents and Settings\cageux\Application Data\Apple Computer 2010-01-26 01:24:33 ----D---- D:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-01-26 01:24:21 ----D---- D:\Program Files\Bonjour 2010-01-26 01:23:57 ----D---- D:\Program Files\QuickTime 2010-01-26 01:23:56 ----D---- D:\Documents and Settings\All Users\Application Data\Apple Computer 2010-01-26 01:23:45 ----D---- D:\Program Files\Apple Software Update 2010-01-26 01:23:10 ----D---- D:\Program Files\Fichiers communs\Apple 2010-01-26 01:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Apple 2010-01-25 01:46:53 ----D---- D:\WINDOWS\system32\XPSViewer 2010-01-25 01:46:50 ----D---- D:\Program Files\MSBuild 2010-01-25 01:46:49 ----D---- D:\WINDOWS\system32\en-US 2010-01-25 01:46:45 ----D---- D:\Program Files\Reference Assemblies 2010-01-25 01:46:26 ----N---- D:\WINDOWS\system32\xpssvcs.dll 2010-01-25 01:46:26 ----N---- D:\WINDOWS\system32\xpsshhdr.dll 2010-01-25 01:46:26 ----N---- D:\WINDOWS\system32\prntvpt.dll 2010-01-25 00:58:30 ----D---- D:\Program Files\MediaMonkey 2010-01-25 00:57:05 ----D---- D:\Program Files\Winamp Detect 2010-01-25 00:57:00 ----D---- D:\Program Files\Winamp 2010-01-25 00:57:00 ----D---- D:\Documents and Settings\cageux\Application Data\Winamp 2010-01-25 00:13:15 ----A---- D:\WINDOWS\system32\msvcr71.dll 2010-01-25 00:10:47 ----A---- D:\WINDOWS\system32\MSVCP71.dll 2010-01-24 23:46:23 ----D---- D:\Documents and Settings\cageux\Application Data\albumart 2010-01-24 23:37:18 ----D---- D:\Program Files\Album Cover Art Downloader 2010-01-24 03:19:57 ----HDC---- D:\WINDOWS\$NtUninstallKB939683$ 2010-01-24 03:01:25 ----HDC---- D:\WINDOWS\$NtUninstallKB970430$ 2010-01-24 03:01:20 ----HDC---- D:\WINDOWS\$NtUninstallKB951978$ 2010-01-24 03:01:16 ----HDC---- D:\WINDOWS\$NtUninstallKB968816_WM9$ 2010-01-24 03:01:14 ----HDC---- D:\WINDOWS\$NtUninstallKB954155_WM9$ 2010-01-24 03:01:10 ----HDC---- D:\WINDOWS\$NtUninstallKB956744$ 2010-01-24 03:01:07 ----HDC---- D:\WINDOWS\$NtUninstallKB941569$ 2010-01-24 03:00:56 ----HDC---- D:\WINDOWS\$NtUninstallKB973540_WM9$ 2010-01-24 03:00:53 ----HDC---- D:\WINDOWS\$NtUninstallKB929399$ 2010-01-24 03:00:34 ----HDC---- D:\WINDOWS\$NtUninstallKB971737$ 2010-01-24 03:00:22 ----HDC---- D:\WINDOWS\$NtUninstallKB952069_WM9$ 2010-01-24 03:00:16 ----HDC---- D:\WINDOWS\$NtUninstallKB954154_WM11$ 2010-01-24 02:19:27 ----D---- D:\Documents and Settings\cageux\Application Data\Google 2010-01-23 17:11:43 ----D---- D:\Documents and Settings\cageux\Application Data\OpenOffice.org 2010-01-23 03:00:23 ----HDC---- D:\WINDOWS\$NtUninstallKB976325$ 2010-01-23 02:25:12 ----HDC---- D:\WINDOWS\$NtUninstallKB951376-v2$ 2010-01-23 02:25:08 ----HDC---- D:\WINDOWS\$NtUninstallKB952954$ 2010-01-23 02:25:05 ----HDC---- D:\WINDOWS\$NtUninstallKB959426$ 2010-01-23 02:25:01 ----HDC---- D:\WINDOWS\$NtUninstallKB946648$ 2010-01-23 02:24:58 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$ 2010-01-23 02:24:55 ----HDC---- D:\WINDOWS\$NtUninstallKB960859$ 2010-01-23 02:24:53 ----HDC---- D:\WINDOWS\$NtUninstallKB958869$ 2010-01-23 02:24:49 ----HDC---- D:\WINDOWS\$NtUninstallKB976098-v2$ 2010-01-23 02:24:46 ----HDC---- D:\WINDOWS\$NtUninstallKB955759$ 2010-01-23 02:24:42 ----HDC---- D:\WINDOWS\$NtUninstallKB974318$ 2010-01-23 02:24:39 ----HDC---- D:\WINDOWS\$NtUninstallKB969059$ 2010-01-23 02:24:35 ----HDC---- D:\WINDOWS\$NtUninstallKB950974$ 2010-01-23 02:24:32 ----HDC---- D:\WINDOWS\$NtUninstallKB971657$ 2010-01-23 02:24:29 ----HDC---- D:\WINDOWS\$NtUninstallKB971557$ 2010-01-23 02:24:26 ----HDC---- D:\WINDOWS\$NtUninstallKB960225$ 2010-01-23 02:24:22 ----HDC---- D:\WINDOWS\$NtUninstallKB972270$ 2010-01-23 02:24:19 ----HDC---- D:\WINDOWS\$NtUninstallKB974112$ 2010-01-23 02:24:12 ----HDC---- D:\WINDOWS\$NtUninstallKB956572$ 2010-01-23 02:24:07 ----HDC---- D:\WINDOWS\$NtUninstallKB956844$ 2010-01-23 02:24:04 ----HDC---- D:\WINDOWS\$NtUninstallKB961501$ 2010-01-23 02:24:01 ----HDC---- D:\WINDOWS\$NtUninstallKB971633$ 2010-01-23 02:23:57 ----HDC---- D:\WINDOWS\$NtUninstallKB973869$ 2010-01-23 02:23:54 ----HDC---- D:\WINDOWS\$NtUninstallKB975025$ 2010-01-23 02:23:49 ----HDC---- D:\WINDOWS\$NtUninstallKB952004$ 2010-01-23 02:23:45 ----HDC---- D:\WINDOWS\$NtUninstallKB974571$ 2010-01-23 02:23:42 ----HDC---- D:\WINDOWS\$NtUninstallKB973507$ 2010-01-23 02:22:55 ----A---- D:\WINDOWS\system32\MRT.exe 2010-01-23 02:22:50 ----HDC---- D:\WINDOWS\$NtUninstallKB973687$ 2010-01-23 02:22:47 ----HDC---- D:\WINDOWS\$NtUninstallKB950762$ 2010-01-23 02:22:43 ----HDC---- D:\WINDOWS\$NtUninstallKB957097$ 2010-01-23 02:22:40 ----HDC---- D:\WINDOWS\$NtUninstallKB958687$ 2010-01-23 02:22:36 ----HDC---- D:\WINDOWS\$NtUninstallKB952287$ 2010-01-23 02:22:33 ----HDC---- D:\WINDOWS\$NtUninstallKB973354$ 2010-01-23 02:22:28 ----HDC---- D:\WINDOWS\$NtUninstallKB973904$ 2010-01-23 02:22:23 ----HDC---- D:\WINDOWS\$NtUninstallKB967715$ 2010-01-23 02:22:19 ----HDC---- D:\WINDOWS\$NtUninstallKB974392$ 2010-01-23 02:22:16 ----HDC---- D:\WINDOWS\$NtUninstallKB951748$ 2010-01-23 02:22:12 ----HDC---- D:\WINDOWS\$NtUninstallKB970238$ 2010-01-23 02:22:07 ----HDC---- D:\WINDOWS\$NtUninstallKB971486$ 2010-01-23 02:22:03 ----HDC---- D:\WINDOWS\$NtUninstallKB960803$ 2010-01-23 02:21:59 ----HDC---- D:\WINDOWS\$NtUninstallKB973815$ 2010-01-23 02:21:56 ----HDC---- D:\WINDOWS\$NtUninstallKB973525$ 2010-01-23 02:21:52 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$ 2010-01-23 02:21:48 ----HDC---- D:\WINDOWS\$NtUninstallKB955069$ 2010-01-23 02:21:44 ----HDC---- D:\WINDOWS\$NtUninstallKB956802$ 2010-01-23 02:21:39 ----HDC---- D:\WINDOWS\$NtUninstallKB923561$ 2010-01-23 02:21:36 ----HDC---- D:\WINDOWS\$NtUninstallKB971961$ 2010-01-23 02:21:32 ----HDC---- D:\WINDOWS\$NtUninstallKB975467$ 2010-01-23 02:21:23 ----HDC---- D:\WINDOWS\$NtUninstallKB968389$ 2010-01-23 02:21:17 ----HDC---- D:\WINDOWS\$NtUninstallKB969947$ 2010-01-23 01:45:07 ----D---- D:\WINDOWS\system32\PreInstall 2010-01-23 01:45:05 ----HDC---- D:\WINDOWS\$NtUninstallKB898461$ 2010-01-23 01:45:05 ----HD---- D:\WINDOWS\$hf_mig$ 2010-01-23 01:38:29 ----D---- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2010-01-23 01:32:32 ----D---- D:\Documents and Settings\cageux\Application Data\Locktime 2010-01-23 01:29:43 ----D---- D:\WINDOWS\pss 2010-01-23 01:08:56 ----D---- D:\Program Files\aMSN 2010-01-23 00:46:14 ----D---- D:\Program Files\StartClock 2010-01-23 00:41:41 ----D---- D:\Program Files\Google 2010-01-23 00:32:24 ----N---- D:\WINDOWS\system32\spmsg.dll 2010-01-23 00:32:23 ----HDC---- D:\WINDOWS\$NtUninstallMSCompPackV1$ 2010-01-23 00:30:58 ----D---- D:\Program Files\Windows Media Connect 2 2010-01-23 00:30:51 ----HDC---- D:\WINDOWS\$NtUninstallwmp11$ 2010-01-23 00:30:31 ----HDC---- D:\WINDOWS\$NtUninstallWMFDist11$ 2010-01-23 00:30:18 ----D---- D:\WINDOWS\system32\LogFiles 2010-01-23 00:30:14 ----HDC---- D:\WINDOWS\$NtUninstallWudf01000$ 2010-01-23 00:20:01 ----D---- D:\Documents and Settings\All Users\Application Data\Locktime 2010-01-23 00:19:58 ----D---- D:\Program Files\NetLimiter 2 Pro 2010-01-23 00:11:42 ----D---- D:\WINDOWS\RegisteredPackages 2010-01-22 23:35:48 ----D---- D:\Program Files\VideoLAN 2010-01-22 23:35:06 ----D---- D:\Program Files\CHRYOPROD 2010-01-22 23:16:00 ----D---- D:\Documents and Settings\All Users\Application Data\BioWare 2010-01-22 23:07:34 ----D---- D:\WINDOWS\system32\AGEIA 2010-01-22 23:07:34 ----D---- D:\Program Files\AGEIA Technologies 2010-01-22 23:07:20 ----D---- D:\Program Files\Fichiers communs\Wise Installation Wizard 2010-01-22 23:07:17 ----A---- D:\WINDOWS\system32\xactengine2_10.dll 2010-01-22 23:07:17 ----A---- D:\WINDOWS\system32\d3dx10_36.dll 2010-01-22 23:07:17 ----A---- D:\WINDOWS\system32\D3DCompiler_36.dll 2010-01-22 23:07:16 ----A---- D:\WINDOWS\system32\xactengine2_9.dll 2010-01-22 23:07:16 ----A---- D:\WINDOWS\system32\d3dx9_36.dll 2010-01-22 23:07:15 ----A---- D:\WINDOWS\system32\xactengine2_8.dll 2010-01-22 23:07:15 ----A---- D:\WINDOWS\system32\X3DAudio1_2.dll 2010-01-22 23:07:15 ----A---- D:\WINDOWS\system32\d3dx9_35.dll 2010-01-22 23:07:15 ----A---- D:\WINDOWS\system32\d3dx10_35.dll 2010-01-22 23:07:15 ----A---- D:\WINDOWS\system32\D3DCompiler_35.dll 2010-01-22 23:07:14 ----A---- D:\WINDOWS\system32\xinput1_3.dll 2010-01-22 23:07:14 ----A---- D:\WINDOWS\system32\d3dx9_34.dll 2010-01-22 23:07:14 ----A---- D:\WINDOWS\system32\d3dx10_34.dll 2010-01-22 23:07:14 ----A---- D:\WINDOWS\system32\D3DCompiler_34.dll 2010-01-22 23:07:11 ----A---- D:\WINDOWS\system32\xactengine2_7.dll 2010-01-22 23:07:10 ----A---- D:\WINDOWS\system32\d3dx10_33.dll 2010-01-22 23:07:10 ----A---- D:\WINDOWS\system32\D3DCompiler_33.dll 2010-01-22 23:07:07 ----A---- D:\WINDOWS\system32\xactengine2_6.dll 2010-01-22 23:07:07 ----A---- D:\WINDOWS\system32\d3dx9_33.dll 2010-01-22 23:07:06 ----A---- D:\WINDOWS\system32\xactengine2_5.dll 2010-01-22 23:07:06 ----A---- D:\WINDOWS\system32\xactengine2_4.dll 2010-01-22 23:07:06 ----A---- D:\WINDOWS\system32\x3daudio1_1.dll 2010-01-22 23:07:06 ----A---- D:\WINDOWS\system32\d3dx9_32.dll 2010-01-22 23:07:06 ----A---- D:\WINDOWS\system32\d3dx9_31.dll 2010-01-22 23:07:05 ----A---- D:\WINDOWS\system32\xinput1_2.dll 2010-01-22 23:07:05 ----A---- D:\WINDOWS\system32\xinput1_1.dll 2010-01-22 23:07:05 ----A---- D:\WINDOWS\system32\xactengine2_3.dll 2010-01-22 23:07:05 ----A---- D:\WINDOWS\system32\xactengine2_2.dll 2010-01-22 23:07:04 ----A---- D:\WINDOWS\system32\xactengine2_1.dll 2010-01-22 23:06:56 ----A---- D:\WINDOWS\system32\d3dx9_30.dll 2010-01-22 23:06:55 ----A---- D:\WINDOWS\system32\xactengine2_0.dll 2010-01-22 23:06:55 ----A---- D:\WINDOWS\system32\x3daudio1_0.dll 2010-01-22 23:06:55 ----A---- D:\WINDOWS\system32\d3dx9_29.dll 2010-01-22 23:06:55 ----A---- D:\WINDOWS\system32\d3dx9_28.dll 2010-01-22 23:06:54 ----A---- D:\WINDOWS\system32\xinput9_1_0.dll 2010-01-22 23:06:54 ----A---- D:\WINDOWS\system32\d3dx9_27.dll 2010-01-22 23:06:54 ----A---- D:\WINDOWS\system32\d3dx9_26.dll 2010-01-22 23:06:54 ----A---- D:\WINDOWS\system32\d3dx9_25.dll 2010-01-22 23:06:53 ----A---- D:\WINDOWS\system32\d3dx9_24.dll 2010-01-22 19:56:45 ----D---- D:\Program Files\DAEMON Tools Lite 2010-01-22 19:56:19 ----D---- D:\Documents and Settings\cageux\Application Data\DAEMON Tools Lite 2010-01-22 19:56:17 ----D---- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite 2010-01-22 19:50:37 ----D---- D:\Program Files\Lavalys 2010-01-22 19:46:03 ----RSD---- D:\WINDOWS\assembly 2010-01-22 19:45:48 ----D---- D:\WINDOWS\Microsoft.NET 2010-01-22 19:44:53 ----D---- D:\Program Files\Fichiers communs\BioWare 2010-01-22 19:38:50 ----D---- D:\WINDOWS\system32\NtmsData 2010-01-22 15:23:17 ----D---- D:\WINDOWS\system32\Lang 2010-01-22 15:08:09 ----A---- D:\WINDOWS\system32\ksuser.dll 2010-01-22 15:07:14 ----D---- D:\WINDOWS\Prefetch 2010-01-22 14:59:54 ----N---- D:\WINDOWS\system32\msxml6r.dll 2010-01-22 14:59:54 ----N---- D:\WINDOWS\system32\msxml6.dll 2010-01-22 14:59:45 ----N---- D:\WINDOWS\system32\aaclient.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eapsvc.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eapqec.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eappprxy.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eapphost.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eappgnui.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eappcfg.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eapp3hst.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eapolqec.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3ui.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3svc.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3msm.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3gpclnt.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3dlg.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3cfg.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3api.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dimsroam.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dimsntfy.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dhcpqec.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\credssp.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\bitsprx4.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\azroles.dll 2010-01-22 14:59:43 ----N---- D:\WINDOWS\system32\kbdpash.dll 2010-01-22 14:59:43 ----N---- D:\WINDOWS\system32\kbdnepr.dll 2010-01-22 14:59:43 ----N---- D:\WINDOWS\system32\kbdiultn.dll 2010-01-22 14:59:43 ----N---- D:\WINDOWS\system32\kbdbhc.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\onex.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\napstat.exe 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\napmontr.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\napipsec.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\msshavmsg.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\mssha.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\mmcperf.exe 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\mmcfxcommon.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\mmcex.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\microsoft.managementconsole.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\l2gpstore.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\kmsvc.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\setupn.exe 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\rhttpaa.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\rasqec.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\qutil.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\qcliprov.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\qagentrt.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\qagent.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\photometadatahandler.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\xpsp3res.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\wmphoto.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\wlanapi.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\windowscodecsext.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\windowscodecs.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\verclsid.exe 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\tzchange.exe 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\tspkg.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\tsgqec.dll 2010-01-22 14:59:39 ----N---- D:\WINDOWS\system32\xmllite.dll 2010-01-22 14:59:39 ----D---- D:\WINDOWS\system32\fr-fr 2010-01-22 14:59:38 ----D---- D:\WINDOWS\system32\fr 2010-01-22 14:59:38 ----D---- D:\WINDOWS\system32\bits 2010-01-22 14:59:38 ----D---- D:\WINDOWS\l2schemas 2010-01-22 14:59:05 ----R---- D:\WINDOWS\alcwzrd.exe 2010-01-22 14:59:05 ----R---- D:\WINDOWS\Alcmtr.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\system32\ChCfg.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\SoundMan.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\SkyTel.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\RtlUpd.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\RTLCPL.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\RTHDCPL.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\MicCal.exe 2010-01-22 14:59:04 ----D---- D:\WINDOWS\system32\RTCOM 2010-01-22 14:58:43 ----R---- D:\WINDOWS\RtlExUpd.dll 2010-01-22 14:58:43 ----A---- D:\WINDOWS\HideWin.exe 2010-01-22 14:56:30 ----D---- D:\WINDOWS\network diagnostic 2010-01-22 14:53:47 ----D---- D:\Program Files\Avira 2010-01-22 14:53:47 ----D---- D:\Documents and Settings\All Users\Application Data\Avira 2010-01-22 14:51:00 ----D---- D:\WINDOWS\system32\SoftwareDistribution 2010-01-22 14:49:13 ----D---- D:\WINDOWS\SoftwareDistribution 2010-01-22 14:49:11 ----SD---- D:\WINDOWS\system32\Microsoft 2010-01-22 14:46:00 ----N---- D:\WINDOWS\system32\proxycfg.exe 2010-01-22 14:46:00 ----N---- D:\WINDOWS\system32\logman.exe 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\msdadiag.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\MP4SDMOD.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\MP43DMOD.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\mdmxsdk.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdukx.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdsmsno.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdsmsfi.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdno1.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdmlt48.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdmlt47.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdmaori.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdinmal.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdinben.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdinbe1.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdfi1.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ieencode.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\hsfcisp2.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\hccoin.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\fwcfg.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\fsquirt.exe 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\fltmc.exe 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\extmgr.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\encdec.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\encapi.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\dxdiagn.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\dsprpres.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\d3d9.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\cmsetacl.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\btpanui.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\bthserv.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\bthci.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\blastcln.exe 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\bitsprx3.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\bitsprx2.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\auditusr.exe 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ativvaxx.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ativtmxx.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ati3duag.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ati3d1ag.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ati2dvag.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ati2dvaa.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ati2cqag.dll 2010-01-22 14:45:58 ----A---- D:\WINDOWS\system32\httpapi.dll 2010-01-22 14:45:58 ----A---- D:\WINDOWS\system32\fltlib.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\xpsp1res.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\xpob2res.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\WMSPDMOE.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmspdmod.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmsdmoe2.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmpdxm.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmpasf.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmp.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmidx.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmerror.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\winshfhc.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\winbrand.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\w3ssl.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\twext.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\smbinst.exe 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\slserv.exe 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\slrundll.exe 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\slgen.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\slextspk.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\slcoinst.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\sdhcinst.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\sbeio.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\sbe.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\s3gnb.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\powercfg.exe 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\pnrpnsp.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\p2psvc.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\p2pnetsh.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\p2pgraph.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\p2pgasvc.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\p2p.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\mtxparhd.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\mssap.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\mspmsnsv.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\msftedit.dll 2010-01-22 14:45:57 ----A---- D:\WINDOWS\system32\xpsp2res.dll 2010-01-22 14:45:57 ----A---- D:\WINDOWS\system32\winhttp.dll 2010-01-22 14:45:57 ----A---- D:\WINDOWS\system32\strmfilt.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\xmlprovi.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\xmlprov.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\wuaueng1.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\wuauclt1.exe 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\wshbth.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\wscntfy.exe 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\wmvdmoe2.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\slrundll.exe 2010-01-22 14:45:56 ----D---- D:\WINDOWS\peernet 2010-01-22 14:45:56 ----A---- D:\WINDOWS\system32\wuweb.dll 2010-01-22 14:45:56 ----A---- D:\WINDOWS\system32\wups.dll 2010-01-22 14:45:56 ----A---- D:\WINDOWS\system32\wucltui.dll 2010-01-22 14:45:56 ----A---- D:\WINDOWS\system32\wuapi.dll 2010-01-22 14:45:56 ----A---- D:\WINDOWS\system32\wscsvc.dll 2010-01-22 14:45:55 ----D---- D:\WINDOWS\provisioning 2010-01-22 14:45:26 ----D---- D:\WINDOWS\ServicePackFiles 2010-01-22 14:44:42 ----D---- D:\WINDOWS\system32\ReinstallBackups 2010-01-22 14:44:37 ----A---- D:\WINDOWS\system32\spupdsvc.exe 2010-01-22 14:44:08 ----HDC---- D:\WINDOWS\$NtServicePackUninstall$ 2010-01-22 14:44:06 ----D---- D:\WINDOWS\EHome 2010-01-22 12:44:14 ----A---- D:\WINDOWS\system32\iuengine.dll 2010-01-22 03:30:04 ----D---- D:\Program Files\SuperCopier2 2010-01-21 23:45:49 ----D---- D:\Documents and Settings\cageux\Application Data\WinRAR 2010-01-21 23:34:41 ----D---- D:\Documents and Settings\cageux\Application Data\BitTorrent 2010-01-21 23:34:29 ----D---- D:\Program Files\BitTorrent 2010-01-21 23:34:02 ----D---- D:\Program Files\WinRAR 2010-01-21 23:17:34 ----D---- D:\Program Files\Runtime Software 2010-01-21 22:50:20 ----D---- D:\Program Files\NTFS Undelete 2010-01-21 22:07:22 ----D---- D:\recup 2010-01-21 20:15:13 ----D---- D:\Documents and Settings\cageux\Application Data\Macromedia 2010-01-21 20:15:13 ----D---- D:\Documents and Settings\cageux\Application Data\Adobe 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\PICSDK2.dll 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\PICSDK.ini 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\PICSDK.dll 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\PICEntry.dll 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\EpPicPrt.dll 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\EPPicMgr.dll 2010-01-21 18:29:45 ----A---- D:\WINDOWS\system32\E_FLBEGE.DLL 2010-01-21 18:29:45 ----A---- D:\WINDOWS\system32\E_FD4BEGE.DLL 2010-01-21 18:29:45 ----A---- D:\WINDOWS\system32\E_DCINST.DLL 2010-01-21 18:29:35 ----DC---- D:\WINDOWS\system32\DRVSTORE 2010-01-21 18:29:32 ----D---- D:\Documents and Settings\All Users\Application Data\EPSON 2010-01-21 17:54:07 ----D---- D:\Documents and Settings\cageux\Application Data\Mozilla 2010-01-21 16:12:30 ----A---- D:\WINDOWS\system32\wpa.bak 2010-01-21 16:06:54 ----D---- D:\Program Files\Mozilla Firefox 2010-01-21 16:05:22 ----D---- D:\WINDOWS\nview 2010-01-21 16:05:22 ----A---- D:\WINDOWS\system32\nvudisp.exe 2010-01-21 16:05:03 ----A---- D:\WINDOWS\system32\NVUNINST.EXE 2010-01-21 16:04:55 ----D---- D:\Program Files\Fichiers communs\InstallShield 2010-01-21 15:32:08 ----D---- D:\WINDOWS\OPTIONS 2010-01-21 15:32:08 ----D---- D:\Program Files\Realtek 2010-01-21 15:32:07 ----HD---- D:\Program Files\InstallShield Installation Information 2010-01-21 15:32:05 ----D---- D:\Documents and Settings\cageux\Application Data\InstallShield 2010-01-21 14:52:52 ----SHD---- D:\RECYCLER 2010-01-21 14:33:17 ----RSHDC---- D:\WINDOWS\system32\dllcache 2010-01-21 14:33:17 ----RSD---- D:\WINDOWS\Fonts 2010-01-21 14:33:17 ----RD---- D:\WINDOWS\Web 2010-01-21 14:33:17 ----HD---- D:\WINDOWS\inf 2010-01-21 14:33:17 ----D---- D:\WINDOWS\WinSxS 2010-01-21 14:33:17 ----D---- D:\WINDOWS\twain_32 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Temp 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\wins 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\wbem 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\usmt 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\spool 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\ShellExt 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\Setup 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\ras 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\oobe 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\npp 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\mui 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\inetsrv 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\IME 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\icsxml 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\ias 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\export 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\drivers 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\dhcp 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\config 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\3com_dmi 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\3076 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\2052 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1054 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1042 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1041 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1037 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1036 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1033 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1031 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1028 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1025 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system 2010-01-21 14:33:17 ----D---- D:\WINDOWS\security 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Resources 2010-01-21 14:33:17 ----D---- D:\WINDOWS\repair 2010-01-21 14:33:17 ----D---- D:\WINDOWS\mui 2010-01-21 14:33:17 ----D---- D:\WINDOWS\msapps 2010-01-21 14:33:17 ----D---- D:\WINDOWS\msagent 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Media 2010-01-21 14:33:17 ----D---- D:\WINDOWS\java 2010-01-21 14:33:17 ----D---- D:\WINDOWS\ime 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Help 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Driver Cache 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Debug 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Cursors 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Connection Wizard 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Config 2010-01-21 14:33:17 ----D---- D:\WINDOWS\AppPatch 2010-01-21 14:33:17 ----D---- D:\WINDOWS\addins 2010-01-21 14:33:17 ----D---- D:\WINDOWS 2010-01-21 13:46:59 ----SHD---- D:\WINDOWS\Installer 2010-01-21 13:46:57 ----D---- D:\Documents and Settings\cageux\Application Data\Identities 2010-01-21 13:46:54 ----HD---- D:\Program Files\Uninstall Information 2010-01-21 13:46:46 ----SD---- D:\Documents and Settings\cageux\Application Data\Microsoft 2010-01-21 13:46:46 ----ASH---- D:\Documents and Settings\cageux\Application Data\desktop.ini 2010-01-21 13:46:17 ----SHD---- D:\System Volume Information 2010-01-21 13:46:17 ----A---- D:\WINDOWS\SchedLgU.Txt 2010-01-21 13:43:42 ----D---- D:\WINDOWS\system32\xircom 2010-01-21 13:43:42 ----D---- D:\Program Files\xerox 2010-01-21 13:43:42 ----D---- D:\Program Files\microsoft frontpage 2010-01-21 13:43:32 ----A---- D:\WINDOWS\control.ini 2010-01-21 13:43:27 ----A---- D:\WINDOWS\OEWABLog.txt 2010-01-21 13:43:25 ----A---- D:\WINDOWS\system32\mapi32.dll 2010-01-21 13:42:58 ----SD---- D:\WINDOWS\Downloaded Program Files 2010-01-21 13:42:58 ----RD---- D:\WINDOWS\Offline Web Pages 2010-01-21 13:42:58 ----RAH---- D:\WINDOWS\system32\logonui.exe.manifest 2010-01-21 13:42:55 ----RAH---- D:\WINDOWS\system32\cdplayer.exe.manifest 2010-01-21 13:42:45 ----D---- D:\WINDOWS\srchasst 2010-01-21 13:42:40 ----D---- D:\WINDOWS\system32\Macromed 2010-01-21 13:42:40 ----D---- D:\WINDOWS\system32\DirectX 2010-01-21 13:42:32 ----A---- D:\WINDOWS\system32\qmgrprxy.dll 2010-01-21 13:42:32 ----A---- D:\WINDOWS\system32\qmgr.dll 2010-01-21 13:42:31 ----D---- D:\Program Files\Movie Maker 2010-01-21 13:42:20 ----A---- D:\WINDOWS\system32\safrslv.dll 2010-01-21 13:42:20 ----A---- D:\WINDOWS\system32\safrdm.dll 2010-01-21 13:42:20 ----A---- D:\WINDOWS\system32\safrcdlg.dll 2010-01-21 13:42:20 ----A---- D:\WINDOWS\system32\racpldlg.dll 2010-01-21 13:42:20 ----A---- D:\WINDOWS\system32\atrace.dll 2010-01-21 13:42:17 ----A---- D:\WINDOWS\system32\desktop.ini 2010-01-21 13:42:17 ----A---- D:\WINDOWS\desktop.ini 2010-01-21 13:42:12 ----D---- D:\WINDOWS\system32\Restore 2010-01-21 13:42:12 ----A---- D:\WINDOWS\system32\srsvc.dll 2010-01-21 13:42:12 ----A---- D:\WINDOWS\system32\srrstr.dll 2010-01-21 13:42:12 ----A---- D:\WINDOWS\system32\srclient.dll 2010-01-21 13:42:11 ----D---- D:\Program Files\Windows Media Player 2010-01-21 13:42:11 ----A---- D:\WINDOWS\system32\nmevtmsg.dll 2010-01-21 13:42:11 ----A---- D:\WINDOWS\system32\mnmdd.dll 2010-01-21 13:42:11 ----A---- D:\WINDOWS\system32\isrdbg32.dll 2010-01-21 13:42:11 ----A---- D:\WINDOWS\system32\ils.dll 2010-01-21 13:42:10 ----A---- D:\WINDOWS\system32\nmmkcert.dll 2010-01-21 13:42:10 ----A---- D:\WINDOWS\system32\msconf.dll 2010-01-21 13:42:10 ----A---- D:\WINDOWS\system32\mnmsrvc.exe 2010-01-21 13:42:08 ----D---- D:\WINDOWS\PCHEALTH 2010-01-21 13:42:08 ----D---- D:\Program Files\NetMeeting 2010-01-21 13:42:08 ----A---- D:\WINDOWS\system32\msoert2.dll 2010-01-21 13:42:08 ----A---- D:\WINDOWS\system32\acctres.dll 2010-01-21 13:42:07 ----D---- D:\Program Files\Fichiers communs\Services 2010-01-21 13:42:07 ----A---- D:\WINDOWS\system32\msoeacct.dll 2010-01-21 13:42:06 ----A---- D:\WINDOWS\system32\inetres.dll 2010-01-21 13:42:06 ----A---- D:\WINDOWS\system32\inetcomm.dll 2010-01-21 13:42:04 ----D---- D:\Program Files\Outlook Express 2010-01-21 13:42:03 ----SD---- D:\WINDOWS\Tasks 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\schedsvc.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\mstinit.exe 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\mstask.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\isign32.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\inetcfg.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\icwphbk.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\icwdial.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\icfgnt5.dll 2010-01-21 13:42:01 ----D---- D:\Program Files\Fichiers communs\MSSoap 2010-01-21 13:41:58 ----D---- D:\Program Files\Fichiers communs\System 2010-01-21 13:41:57 ----D---- D:\Program Files\Internet Explorer 2010-01-21 13:41:48 ----D---- D:\Program Files\ComPlus Applications 2010-01-21 13:41:47 ----A---- D:\WINDOWS\vbaddin.ini 2010-01-21 13:41:47 ----A---- D:\WINDOWS\vb.ini 2010-01-21 13:41:44 ----D---- D:\WINDOWS\Registration 2010-01-21 13:41:29 ----HD---- D:\Program Files\WindowsUpdate 2010-01-21 13:41:29 ----D---- D:\Program Files\Services en ligne 2010-01-21 13:41:26 ----D---- D:\Program Files\Messenger 2010-01-21 13:41:19 ----D---- D:\Program Files\MSN Gaming Zone 2010-01-21 13:41:19 ----A---- D:\WINDOWS\system32\write.exe 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\sndvol32.exe 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\sndrec32.exe 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\mplay32.exe 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\hypertrm.dll 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\hticons.dll 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\avwav.dll 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\avtapi.dll 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\avmeter.dll 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\accwiz.exe 2010-01-21 13:41:12 ----D---- D:\Program Files\Windows NT 2010-01-21 13:41:12 ----A---- D:\WINDOWS\system32\winchat.exe 2010-01-21 13:41:11 ----A---- D:\WINDOWS\system32\mspaint.exe 2010-01-21 13:41:08 ----A---- D:\WINDOWS\system32\clipbrd.exe 2010-01-21 13:41:07 ----A---- D:\WINDOWS\system32\getuname.dll 2010-01-21 13:41:07 ----A---- D:\WINDOWS\system32\charmap.exe 2010-01-21 13:41:07 ----A---- D:\WINDOWS\system32\calc.exe 2010-01-21 13:41:06 ----A---- D:\WINDOWS\system32\wuauserv.dll 2010-01-21 13:41:06 ----A---- D:\WINDOWS\system32\wuaueng.dll 2010-01-21 13:41:06 ----A---- D:\WINDOWS\system32\wuauclt.exe 2010-01-21 13:41:06 ----A---- D:\WINDOWS\system32\tscfgwmi.dll 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\usrlogon.cmd 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tsshutdn.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tslabels.ini 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tskill.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tsdiscon.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tscupgrd.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tscon.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\termsrv.dll 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\sessmgr.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\reset.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\remotepg.dll 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\rdshost.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\rdsaddin.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\rdchost.dll 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\mstscax.dll 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\mstsc.exe 2010-01-21 13:41:04 ----D---- D:\WINDOWS\system32\MsDtc 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\shadow.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\rwinsta.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\regini.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\rdpwsx.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\rdpsnd.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\rdpclip.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\rdpcfgex.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\qwinsta.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\qprocess.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\qappsrv.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\mtxoci.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\msg.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\msdtcuiu.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\logoff.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\icaapi.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\cfgbkend.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\cdmodem.dll 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\xolehlp.dll 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\msdtctm.dll 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\msdtcprx.dll 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\msdtcprf.ini 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\msdtclog.dll 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\msdtc.exe 2010-01-21 13:41:02 ----D---- D:\WINDOWS\system32\Com 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\stclient.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\mtxlegih.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\mtxex.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\mtxdm.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\dcomcnfg.exe 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\comrepl.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\comaddin.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\colbact.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\catsrvps.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\comuid.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\comsvcs.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\comsnap.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\clbcatq.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\clbcatex.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\catsrvut.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\catsrv.dll 2010-01-21 13:40:55 ----A---- D:\WINDOWS\system32\wmimgmt.msc 2010-01-21 13:40:55 ----A---- D:\WINDOWS\system32\servdeps.dll 2010-01-21 13:40:55 ----A---- D:\WINDOWS\system32\mmfutil.dll 2010-01-21 13:40:55 ----A---- D:\WINDOWS\system32\licwmi.dll 2010-01-21 13:40:55 ----A---- D:\WINDOWS\system32\cmprops.dll 2010-01-21 13:40:23 ----A---- D:\WINDOWS\system32\h323log.txt 2010-01-21 13:38:17 ----A---- D:\WINDOWS\system32\usbui.dll 2010-01-21 13:37:42 ----A---- D:\WINDOWS\imsins.BAK 2010-01-21 13:37:39 ----D---- D:\Program Files\Fichiers communs\ODBC 2010-01-21 13:37:39 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI 2010-01-21 13:37:39 ----A---- D:\WINDOWS\ODBCINST.INI 2010-01-21 13:37:37 ----D---- D:\Program Files\Fichiers communs\SpeechEngines 2010-01-21 13:37:35 ----RD---- D:\Program Files 2010-01-21 13:37:35 ----D---- D:\Program Files\Fichiers communs\Microsoft Shared 2010-01-21 13:37:35 ----D---- D:\Program Files\Fichiers communs 2010-01-21 13:37:34 ----RA---- D:\WINDOWS\system32\kbdtuq.dll 2010-01-21 13:37:34 ----RA---- D:\WINDOWS\system32\kbdtuf.dll 2010-01-21 13:37:34 ----RA---- D:\WINDOWS\system32\kbdazel.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdycc.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbduzb.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdur.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdtat.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdru1.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdru.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdmon.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdkyr.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdkaz.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdbu.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdblr.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdaze.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhept.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhela3.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhela2.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhe319.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhe220.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhe.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdgkl.dll 2010-01-21 13:37:30 ----RA---- D:\WINDOWS\system32\kbdlv1.dll 2010-01-21 13:37:30 ----RA---- D:\WINDOWS\system32\kbdlv.dll 2010-01-21 13:37:30 ----RA---- D:\WINDOWS\system32\kbdlt1.dll 2010-01-21 13:37:30 ----RA---- D:\WINDOWS\system32\kbdlt.dll 2010-01-21 13:37:30 ----RA---- D:\WINDOWS\system32\kbdest.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdycl.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdsl1.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdsl.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdro.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdpl1.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdpl.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdhu1.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdhu.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdcz2.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdcz1.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdcz.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdcr.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\KBDAL.DLL 2010-01-21 13:37:27 ----A---- D:\WINDOWS\system32\irclass.dll 2010-01-21 13:37:27 ----A---- D:\WINDOWS\system32\dgsetup.dll 2010-01-21 13:37:27 ----A---- D:\WINDOWS\system32\dgrpsetu.dll 2010-01-21 13:37:26 ----A---- D:\WINDOWS\system32\spxcoins.dll 2010-01-21 13:37:26 ----A---- D:\WINDOWS\system32\EqnClass.Dll 2010-01-21 13:37:26 ----A---- D:\WINDOWS\system32\batt.dll 2010-01-21 13:37:25 ----A---- D:\WINDOWS\TASKMAN.EXE 2010-01-21 13:37:25 ----A---- D:\WINDOWS\notepad.exe 2010-01-21 13:37:23 ----A---- D:\WINDOWS\system32\storprop.dll 2010-01-21 13:37:18 ----ASH---- D:\Documents and Settings\All Users\Application Data\desktop.ini 2010-01-21 13:36:42 ----D---- D:\WINDOWS\system32\CatRoot2 2010-01-21 13:36:42 ----D---- D:\WINDOWS\system32\CatRoot 2010-01-21 13:36:36 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft 2010-01-21 13:36:26 ----A---- D:\WINDOWS\setuplog.txt 2010-01-21 13:36:23 ----D---- D:\Documents and Settings ======List of files/folders modified in the last 1 months====== 2010-02-20 00:48:39 ----A---- D:\WINDOWS\win.ini 2010-02-20 00:48:39 ----A---- D:\WINDOWS\system.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 nltdi;nltdi; \??\D:\WINDOWS\system32\drivers\nltdi.sys [] R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-23 28520] R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-23 56816] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Pilote de classe HID Microsoft; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728] R3 mouhid;Pilote HID de souris; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288] R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-03-24 6547872] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-12-05 104064] R3 usbhub;Concentrateur USB2; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbstor;Pilote de stockage de masse USB; D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 agoxmd5a;agoxmd5a; D:\WINDOWS\system32\drivers\agoxmd5a.sys [] S3 ENTECH;ENTECH; \??\D:\WINDOWS\system32\DRIVERS\ENTECH.sys [] S3 gdrv;gdrv; \??\D:\WINDOWS\gdrv.sys [] S3 usbccgp;Pilote parent générique USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; D:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-23 108289] R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-23 185089] R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-17 143872] R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664] R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-01-28 153376] R2 nlsvc;NetLimiter; D:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-03-21 516096] R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\System32\nvsvc32.exe [2008-03-24 155716] S2 gupdate;Service Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-24 135664] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1229232] S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour; E:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-01-23 30192] S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Media Center 14 Service;Media Center 14 Service; D:\Program Files\J River\Media Center 14\JRService.exe [2010-01-19 380928] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 Bonjour Service;Service Bonjour; D:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Mp envoyé Je tiens a te remercier, vous faites du super bon boulot ici ... (rémunéré ?)
- le 20 février 2010
- 10 réponses
[Résolu, en 24h !] Pubs intempestives + ctrl alt + supr

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

Super ! Ca parait avoir marché ! Le log All processes killed Error: Unable to interpret <:first> in the current context! ========== PROCESSES ========== No active process named explorer.exe was found! No active process named lspvt32.exe was found! ========== SERVICES/DRIVERS ========== Error: No service named af9294q5 was found to stop! Unable to stop service af9294q5! Service cpuz130 stopped successfully! Service cpuz130 deleted successfully! ========== FILES ========== D:\WINDOWS\system32\lspvt32.exe moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.Exe\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft ALU manager deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360desktop\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc98c008-0839-11df-8fe8-001d7dc9c235}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc98c008-0839-11df-8fe8-001d7dc9c235}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: cageux ->Temp folder emptied: 390872984 bytes ->Temporary Internet Files folder emptied: 33513365 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 59683701 bytes ->Google Chrome cache emptied: 7594846 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1138958 bytes %systemroot%\System32 .tmp files removed: 1163264 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6646314 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23939286 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 69010 bytes RecycleBin emptied: 8539873128 bytes Total Files Cleaned = 8 645,00 mb OTM by OldTimer - Version 3.1.9.0 log created on 02202010_183625 Files moved on Reboot... Registry entries deleted on Reboot...
- le 20 février 2010
- 10 réponses
analyse de mon rapport combofix(virus msn)

willow93 a répondu à un(e) sujet de charlesop dans Analyses et éradication malwares

Salut Pour le log tu fait un simple copier-coller Après je peut pas t'aider mais avant d'utiliser des logiciels style combo, laisse toi conseiller par les "pros" qui trainent sur ces forum...
- le 20 février 2010
- 1 réponse
[Résolu, en 24h !] Pubs intempestives + ctrl alt + supr

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

Merci de ta réponse ! Edit : toujours pas de ctrl alt suppr. J'ajoute que je ne peut acceder au Regedit ... Log malwarebytes : Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3764 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 20/02/2010 10:37:46 mbam-log-2010-02-20 (10-37-46).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|) Eléments examinés: 220483 Temps écoulé: 44 minute(s), 6 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.Exe (Trojan.Agent) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): E:\Willow\jeux\Machinarium\d3drm.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. logs RSIT : info.txt logfile of random's system information tool 1.06 2010-02-20 10:38:52 ======Uninstall list====== -->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.3.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001} Album Cover Art Downloader 1.6.6-->C:\Program Files\Album Cover Art Downloader\uninst.exe aMSN 0.98.1-->D:\Program Files\aMSN\uninstall.exe Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE BitTorrent-->D:\Program Files\BitTorrent\uninst.exe Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} CCleaner-->"e:\Program Files\CCleaner\uninst.exe" Correctif pour Lecteur Windows Media 11 (KB939683)-->"D:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Correctif pour Windows XP (KB961118)-->"D:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Correctif pour Windows XP (KB976098-v2)-->"D:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Dragon Age: Origins-->D:\Program Files\Fichiers communs\BioWare\Uninstall Dragon Age.exe EarthView-->D:\Program Files\EarthView\Uninstall.exe eMule-->"D:\Program Files\eMule\Uninstall.exe" EPSON Scan-->D:\Program Files\epson\escndv\setup\setup.exe /r EPSON Stylus SX400 Series Printer Uninstall-->D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEGE.EXE /R /APD /P:"EPSON Stylus SX400 Series" EVEREST Ultimate Edition v4.60-->"D:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" Futuremark SystemInfo-->"D:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly GetDataBack for NTFS-->"D:\Program Files\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "D:\Program Files\Runtime Software\GetDataBack for NTFS\install.log" -u GIMP 2.6.8-->"D:\Program Files\GIMP-2.0\setup\unins000.exe" Google Chrome-->"D:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level Google Desktop-->D:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466} HijackThis 2.0.2-->"D:\Documents and Settings\cageux\Mes documents\Téléchargements\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" ID3-TagIT 3-->"D:\Program Files\ID3-TagIT 3\unins000.exe" Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF} JDownloader-->D:\Program Files\JDownloader\uninstall.exe K-Lite Codec Pack 5.7.0 (Full)-->"D:\Program Files\K-Lite Codec Pack\unins000.exe" Lecteur Windows Media 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Logiciel d'archivage WinRAR-->D:\Program Files\WinRAR\uninstall.exe Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Mass Effect 2-->D:\Program Files\Fichiers communs\BioWare\Uninstall Mass Effect 2.exe Media Center 14-->D:\Program Files\J River\Media Center 14\JRMediaUninstall.exe MediaMonkey 3.1-->"D:\Program Files\MediaMonkey\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"D:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"D:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"D:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"D:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"D:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"D:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"D:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956744)-->"D:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"D:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956844)-->"D:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"D:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958869)-->"D:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"D:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"D:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"D:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960859)-->"D:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"D:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969059)-->"D:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969947)-->"D:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"D:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970430)-->"D:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971486)-->"D:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971557)-->"D:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"D:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971657)-->"D:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971961)-->"D:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB972270)-->"D:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973354)-->"D:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973507)-->"D:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973525)-->"D:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973869)-->"D:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973904)-->"D:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974112)-->"D:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974318)-->"D:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974392)-->"D:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974571)-->"D:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975025)-->"D:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975467)-->"D:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB976325)-->"D:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"D:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955759)-->"D:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"D:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB968389)-->"D:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB971737)-->"D:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973687)-->"D:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973815)-->"D:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Mortal Online-->"e:\Program Files\Star Vault\Mortal Online\unins000.exe" Mozilla Firefox (3.5.-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe NetLimiter 2 Pro (remove only)-->"D:\Program Files\NetLimiter 2 Pro\nl2uninst.exe" NVIDIA Drivers-->D:\WINDOWS\System32\nvuninst.exe UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} OpenAL-->"D:\Program Files\OpenAL\OpenALwEAX.exe" /U OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC} PeerTV 1.1.2-->"D:\Program Files\PeerTV\uninstall.exe" QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} REALTEK GbE & FE Ethernet PCI-E NIC Driver-->D:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x040c -removeonly Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Shutdown-IT-->D:\Program Files\CHRYOPROD\Shutdown-IT\Uninstal.exe StartClock 3.4-->"D:\Program Files\StartClock\unins000.exe" SuperCopier2-->"D:\Program Files\SuperCopier2\SC2Uninst.exe" Tag&Rename 3.5.4-->"D:\Program Files\TagRename\unins000.exe" TweakAll 3.0-->"D:\Program Files\Codeforge\TweakAll3\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VLC media player 1.0.3-->D:\Program Files\VideoLAN\VLC\uninstall.exe VNC Free Edition 4.1.3-->"D:\Program Files\RealVNC\VNC4\unins000.exe" Winamp-->"D:\Program Files\Winamp\UninstWA.exe" Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinHTTrack Website Copier 3.43-9-->"e:\Program Files\WinHTTrack\unins000.exe" ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: WILLOW-CAGE Event Code: 7036 Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution. Record Number: 429 Source Name: Service Control Manager Time Written: 20100123013247.000000+060 Event Type: Informations User: Computer Name: WILLOW-CAGE Event Code: 7036 Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution. Record Number: 428 Source Name: Service Control Manager Time Written: 20100123013246.000000+060 Event Type: Informations User: Computer Name: WILLOW-CAGE Event Code: 7036 Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution. Record Number: 427 Source Name: Service Control Manager Time Written: 20100123013246.000000+060 Event Type: Informations User: Computer Name: WILLOW-CAGE Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness). Record Number: 426 Source Name: Service Control Manager Time Written: 20100123013246.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: WILLOW-CAGE Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Service de découvertes SSDP. Record Number: 425 Source Name: Service Control Manager Time Written: 20100123013246.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: WILLOW-CAGE Event Code: 4113 Message: AntiVir a détecté dans le fichier C:\System Volume Information\_restore{BAEFE8EE-A282-4B69-BB2F-9402F6340CC9}\RP6\A0007975.inf un code suspect avec la désignation 'VBS/IETitle.A'! Record Number: 243 Source Name: Avira AntiVir Time Written: 20100125142356.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: WILLOW-CAGE Event Code: 4113 Message: AntiVir a détecté dans le fichier C:\System Volume Information\_restore{BAEFE8EE-A282-4B69-BB2F-9402F6340CC9}\RP6\A0007975.inf un code suspect avec la désignation 'VBS/IETitle.A'! Record Number: 242 Source Name: Avira AntiVir Time Written: 20100125134329.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: WILLOW-CAGE Event Code: 1002 Message: Application bloquée MediaMonkey.exe, version 3.1.1.1261, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Record Number: 241 Source Name: Application Hang Time Written: 20100125122711.000000+060 Event Type: erreur User: Computer Name: WILLOW-CAGE Event Code: 4097 Message: L'application, D:\Program Files\MediaMonkey\MediaMonkey.exe, a généré une erreur d'application L'erreur s'est produite le 01/25/2010 à 12:17:27.609 L'exception générée était c0000005 à l'adresse 1517339A (WMVCore!WMIsAvailableOffline) Record Number: 240 Source Name: DrWatson Time Written: 20100125121727.000000+060 Event Type: Informations User: Computer Name: WILLOW-CAGE Event Code: 1000 Message: Application défaillante mediamonkey.exe, version 3.1.1.1261, module défaillant wmvcore.dll, version 11.0.5721.5265, adresse de défaillance 0x0006339a. Record Number: 239 Source Name: Application Error Time Written: 20100125121725.000000+060 Event Type: erreur User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;D:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=D:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF----------------- Logfile of random's system information tool 1.06 (written by random/random) Run by cageux at 2010-02-20 10:42:33 Microsoft Windows XP Édition familiale Service Pack 3 System drive D: has 37 GB (62%) free of 60 GB Total RAM: 2046 MB (59% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:42:33, on 20/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir Desktop\sched.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe D:\WINDOWS\system32\lspvt32.exe D:\Program Files\SuperCopier2\SuperCopier2.exe D:\Program Files\Avira\AntiVir Desktop\avguard.exe D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE D:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\Google\Update\GoogleUpdate.exe D:\Program Files\NetLimiter 2 Pro\nlsvc.exe D:\WINDOWS\System32\nvsvc32.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\NetLimiter 2 Pro\NLClient.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe D:\Program Files\Java\jre6\bin\javaw.exe D:\Program Files\aMSN\bin\wish.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\cageux\Bureau\RSIT.exe D:\Documents and Settings\cageux\Mes documents\Téléchargements\cageux.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Microsoft ALU manager] D:\WINDOWS\system32\lspvt32.exe O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [superCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - E:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Media Center 14 Service - J. River, Inc. - D:\Program Files\J River\Media Center 14\JRService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe -- End of file - 5509 bytes ======Scheduled tasks folder====== D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-28 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-28 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=D:\WINDOWS\System32\NvCpl.dll [2008-03-24 13524992] "avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SunJavaUpdateSched"=D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-01-11 246504] "Microsoft ALU manager"=D:\WINDOWS\system32\lspvt32.exe [2009-03-13 323847872] "MSConfig"=D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 172544] "Malwarebytes Anti-Malware (reboot)"=D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SuperCopier2.exe"=D:\Program Files\SuperCopier2\SuperCopier2.exe [2009-08-16 955392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360desktop] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] D:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [2007-12-17 188928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series (Copie 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [2007-12-17 188928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-01-23 30192] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] D:\Program Files\Messenger\msmsgs.exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] D:\WINDOWS\System32\NvMcTray.dll [2008-03-24 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] D:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] D:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shutdown] D:\Program Files\CHRYOPROD\Shutdown-IT\Shutdown-it.exe [2009-04-19 516608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\Program Files\Dragon Age\bin_ship\daorigins.exe"="E:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Jeu" "E:\Program Files\Dragon Age\DAOriginsLauncher.exe"="E:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Lanceur" "E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Application de mise à jour" "D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "D:\Program Files\aMSN\bin\wish.exe"="D:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application" "D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "D:\Program Files\J River\Media Center 14\Media Center 14.exe"="D:\Program Files\J River\Media Center 14\Media Center 14.exe:*:Enabled:Media Center" "D:\Program Files\Java\jre6\launch4j-tmp\aTunes.exe"="D:\Program Files\Java\jre6\launch4j-tmp\aTunes.exe:*:Enabled:Java Platform SE binary" "D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule" "E:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe"="E:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Jeu" "E:\Program Files\Mass Effect 2\MassEffect2Launcher.exe"="E:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Lanceur" "D:\Program Files\Java\jre6\bin\javaw.exe"="D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc98c008-0839-11df-8fe8-001d7dc9c235}] shell\AutoRun\command - mbdm.exe shell\open\command - mbdm.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7fa552f-0690-11df-bef1-806d6172696f}] shell\AutoRun\command - K:\autorun.exe -auto ======List of files/folders created in the last 1 months====== 2010-02-20 10:38:46 ----D---- D:\rsit 2010-02-20 01:47:13 ----D---- D:\Documents and Settings\cageux\Application Data\Malwarebytes 2010-02-20 01:47:07 ----D---- D:\Program Files\Malwarebytes' Anti-Malware 2010-02-20 01:47:07 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-02-20 00:55:01 ----D---- D:\WINDOWS\system32\appmgmt 2010-02-20 00:40:07 ----HD---- D:\WINDOWS\system32\GroupPolicy 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\gptext.dll 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\gpedit.msc 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\gpedit.dll 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\fdeploy.dll 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\fde.dll 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\appmgr.dll 2010-02-20 00:40:07 ----A---- D:\WINDOWS\system32\appmgmts.dll 2010-02-20 00:30:38 ----D---- D:\Documents and Settings\cageux\Application Data\QuickScan 2010-02-19 15:34:53 ----D---- D:\Documents and Settings\cageux\Application Data\c1 2010-02-19 15:33:30 ----D---- D:\Documents and Settings\cageux\Application Data\c2 2010-02-19 14:29:16 ----A---- D:\WINDOWS\system32\lspvt32.exe 2010-02-14 18:40:13 ----D---- D:\Program Files\PeerTV 2010-02-14 17:24:57 ----D---- D:\Program Files\RealVNC 2010-02-12 11:36:00 ----A---- D:\WINDOWS\system32\unrar.dll 2010-02-12 11:36:00 ----A---- D:\WINDOWS\avisplitter.ini 2010-02-12 11:35:59 ----A---- D:\WINDOWS\system32\yv12vfw.dll 2010-02-12 11:35:59 ----A---- D:\WINDOWS\system32\xvidvfw.dll 2010-02-12 11:35:59 ----A---- D:\WINDOWS\system32\xvidcore.dll 2010-02-12 11:35:57 ----A---- D:\WINDOWS\system32\ff_vfw.dll.manifest 2010-02-12 11:35:57 ----A---- D:\WINDOWS\system32\ff_vfw.dll 2010-02-12 11:35:56 ----D---- D:\Program Files\K-Lite Codec Pack 2010-02-11 01:02:52 ----D---- D:\Program Files\JDownloader 2010-02-07 14:00:50 ----D---- D:\Program Files\OpenAL 2010-02-07 14:00:50 ----A---- D:\WINDOWS\system32\wrap_oal.dll 2010-02-07 14:00:50 ----A---- D:\WINDOWS\system32\OpenAL32.dll 2010-02-07 13:54:56 ----D---- D:\WINDOWS\system32\Futuremark 2010-02-07 13:54:56 ----D---- D:\Program Files\Fichiers communs\Futuremark Shared 2010-02-07 03:04:42 ----A---- D:\WINDOWS\system32\D3DX9_41.dll 2010-02-07 03:04:42 ----A---- D:\WINDOWS\system32\d3dx10_41.dll 2010-02-07 03:04:42 ----A---- D:\WINDOWS\system32\D3DCompiler_41.dll 2010-02-07 03:04:41 ----A---- D:\WINDOWS\system32\XAudio2_4.dll 2010-02-07 03:04:41 ----A---- D:\WINDOWS\system32\xactengine3_4.dll 2010-02-07 03:04:41 ----A---- D:\WINDOWS\system32\X3DAudio1_6.dll 2010-02-07 03:04:41 ----A---- D:\WINDOWS\system32\d3dx10_40.dll 2010-02-07 03:04:41 ----A---- D:\WINDOWS\system32\D3DCompiler_40.dll 2010-02-07 03:04:40 ----A---- D:\WINDOWS\system32\XAudio2_3.dll 2010-02-07 03:04:40 ----A---- D:\WINDOWS\system32\XAPOFX1_2.dll 2010-02-07 03:04:40 ----A---- D:\WINDOWS\system32\xactengine3_3.dll 2010-02-07 03:04:40 ----A---- D:\WINDOWS\system32\D3DX9_40.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\XAudio2_2.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\xactengine3_2.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\X3DAudio1_5.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\d3dx10_39.dll 2010-02-07 03:04:39 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll 2010-02-07 03:04:38 ----A---- D:\WINDOWS\system32\XAudio2_1.dll 2010-02-07 03:04:38 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll 2010-02-07 03:04:37 ----A---- D:\WINDOWS\system32\xactengine3_1.dll 2010-02-07 03:04:37 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll 2010-02-07 03:04:37 ----A---- D:\WINDOWS\system32\D3DX9_38.dll 2010-02-07 03:04:37 ----A---- D:\WINDOWS\system32\d3dx10_38.dll 2010-02-07 03:04:37 ----A---- D:\WINDOWS\system32\D3DCompiler_38.dll 2010-02-07 03:04:36 ----A---- D:\WINDOWS\system32\XAudio2_0.dll 2010-02-07 03:04:36 ----A---- D:\WINDOWS\system32\xactengine3_0.dll 2010-02-07 03:04:36 ----A---- D:\WINDOWS\system32\X3DAudio1_3.dll 2010-02-07 03:04:36 ----A---- D:\WINDOWS\system32\d3dx10_37.dll 2010-02-07 03:04:36 ----A---- D:\WINDOWS\system32\D3DCompiler_37.dll 2010-02-07 03:04:35 ----A---- D:\WINDOWS\system32\D3DX9_37.dll 2010-02-07 03:03:59 ----A---- D:\WINDOWS\system32\XAudio2_5.dll 2010-02-07 03:03:59 ----A---- D:\WINDOWS\system32\XAPOFX1_3.dll 2010-02-07 03:03:59 ----A---- D:\WINDOWS\system32\xactengine3_5.dll 2010-02-07 03:03:59 ----A---- D:\WINDOWS\system32\D3DCompiler_42.dll 2010-02-07 03:03:58 ----A---- D:\WINDOWS\system32\d3dcsx_42.dll 2010-02-07 03:03:57 ----A---- D:\WINDOWS\system32\d3dx11_42.dll 2010-02-07 03:03:56 ----A---- D:\WINDOWS\system32\d3dx10_42.dll 2010-02-07 03:03:54 ----A---- D:\WINDOWS\system32\D3DX9_42.dll 2010-02-02 23:56:31 ----D---- D:\Program Files\TagRename 2010-02-02 11:52:57 ----D---- D:\Documents and Settings\cageux\Application Data\gtk-2.0 2010-02-02 01:23:32 ----D---- D:\Program Files\GIMP-2.0 2010-01-29 01:33:28 ----D---- D:\Program Files\eMule 2010-01-29 01:26:10 ----D---- D:\Documents and Settings\All Users\Application Data\nView_Profiles 2010-01-29 01:15:41 ----D---- D:\Program Files\EarthView 2010-01-29 01:15:41 ----D---- D:\Documents and Settings\cageux\Application Data\DeskSoft 2010-01-29 01:02:47 ----D---- D:\Documents and Settings\cageux\Application Data\360desktop 2010-01-29 00:46:20 ----D---- D:\Documents and Settings\cageux\Application Data\ID3-TagIT 3 2010-01-29 00:44:38 ----D---- D:\Program Files\Desktop Lighter 2010-01-29 00:44:31 ----D---- D:\Program Files\ID3-TagIT 3 2010-01-29 00:44:31 ----D---- D:\Documents and Settings\All Users\Application Data\ID3-TagIT 3 2010-01-29 00:03:23 ----D---- D:\Program Files\The GodFather 2010-01-28 23:11:32 ----D---- D:\Documents and Settings\cageux\Application Data\vlc 2010-01-28 23:11:32 ----D---- D:\Documents and Settings\cageux\Application Data\dvdcss 2010-01-28 01:20:51 ----D---- D:\Program Files\Codeforge 2010-01-28 00:40:11 ----D---- D:\Program Files\aTunes 2010-01-28 00:30:50 ----D---- D:\Program Files\Jajuk 2010-01-28 00:28:43 ----D---- D:\Documents and Settings\All Users\Application Data\Sun 2010-01-28 00:28:42 ----D---- D:\Program Files\Fichiers communs\Java 2010-01-28 00:28:26 ----A---- D:\WINDOWS\system32\javaws.exe 2010-01-28 00:28:26 ----A---- D:\WINDOWS\system32\javaw.exe 2010-01-28 00:28:26 ----A---- D:\WINDOWS\system32\java.exe 2010-01-28 00:28:26 ----A---- D:\WINDOWS\system32\deploytk.dll 2010-01-28 00:28:17 ----D---- D:\Program Files\Java 2010-01-28 00:24:48 ----D---- D:\Program Files\musikCube_1.0 2010-01-28 00:23:18 ----D---- D:\Documents and Settings\cageux\Application Data\Sun 2010-01-28 00:19:58 ----N---- D:\WINDOWS\system32\MC14.exe 2010-01-28 00:19:58 ----N---- D:\WINDOWS\system32\BBInstaller.exe 2010-01-28 00:19:58 ----N---- D:\WINDOWS\system32\AudDevicePlugin.dll 2010-01-28 00:19:58 ----N---- D:\WINDOWS\system32\AReadyLB.dll 2010-01-28 00:19:58 ----A---- D:\WINDOWS\system32\net32gdilib.dll 2010-01-28 00:19:56 ----A---- D:\WINDOWS\system32\D3DX9_39.dll 2010-01-28 00:19:52 ----D---- D:\WINDOWS\Logs 2010-01-28 00:18:02 ----D---- D:\Program Files\J River 2010-01-28 00:17:46 ----D---- D:\Documents and Settings\cageux\Application Data\J River 2010-01-27 11:24:32 ----A---- D:\WINDOWS\system32\escwiad.dll 2010-01-27 11:24:31 ----D---- D:\Program Files\epson 2010-01-26 11:58:38 ----D---- D:\Documents and Settings\All Users\Application Data\Adobe 2010-01-26 11:58:26 ----D---- D:\Program Files\Fichiers communs\Adobe 2010-01-26 11:58:26 ----D---- D:\Program Files\Adobe 2010-01-26 01:41:56 ----HDC---- D:\WINDOWS\$NtUninstallKB961118$ 2010-01-26 01:25:16 ----D---- D:\Documents and Settings\cageux\Application Data\Apple Computer 2010-01-26 01:24:33 ----D---- D:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-01-26 01:24:21 ----D---- D:\Program Files\Bonjour 2010-01-26 01:23:57 ----D---- D:\Program Files\QuickTime 2010-01-26 01:23:56 ----D---- D:\Documents and Settings\All Users\Application Data\Apple Computer 2010-01-26 01:23:45 ----D---- D:\Program Files\Apple Software Update 2010-01-26 01:23:10 ----D---- D:\Program Files\Fichiers communs\Apple 2010-01-26 01:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Apple 2010-01-25 01:46:53 ----D---- D:\WINDOWS\system32\XPSViewer 2010-01-25 01:46:50 ----D---- D:\Program Files\MSBuild 2010-01-25 01:46:49 ----D---- D:\WINDOWS\system32\en-US 2010-01-25 01:46:45 ----D---- D:\Program Files\Reference Assemblies 2010-01-25 01:46:26 ----N---- D:\WINDOWS\system32\xpssvcs.dll 2010-01-25 01:46:26 ----N---- D:\WINDOWS\system32\xpsshhdr.dll 2010-01-25 01:46:26 ----N---- D:\WINDOWS\system32\prntvpt.dll 2010-01-25 00:58:30 ----D---- D:\Program Files\MediaMonkey 2010-01-25 00:57:05 ----D---- D:\Program Files\Winamp Detect 2010-01-25 00:57:00 ----D---- D:\Program Files\Winamp 2010-01-25 00:57:00 ----D---- D:\Documents and Settings\cageux\Application Data\Winamp 2010-01-25 00:13:15 ----A---- D:\WINDOWS\system32\msvcr71.dll 2010-01-25 00:10:47 ----A---- D:\WINDOWS\system32\MSVCP71.dll 2010-01-24 23:46:23 ----D---- D:\Documents and Settings\cageux\Application Data\albumart 2010-01-24 23:37:18 ----D---- D:\Program Files\Album Cover Art Downloader 2010-01-24 03:19:57 ----HDC---- D:\WINDOWS\$NtUninstallKB939683$ 2010-01-24 03:01:25 ----HDC---- D:\WINDOWS\$NtUninstallKB970430$ 2010-01-24 03:01:20 ----HDC---- D:\WINDOWS\$NtUninstallKB951978$ 2010-01-24 03:01:16 ----HDC---- D:\WINDOWS\$NtUninstallKB968816_WM9$ 2010-01-24 03:01:14 ----HDC---- D:\WINDOWS\$NtUninstallKB954155_WM9$ 2010-01-24 03:01:10 ----HDC---- D:\WINDOWS\$NtUninstallKB956744$ 2010-01-24 03:01:07 ----HDC---- D:\WINDOWS\$NtUninstallKB941569$ 2010-01-24 03:00:56 ----HDC---- D:\WINDOWS\$NtUninstallKB973540_WM9$ 2010-01-24 03:00:53 ----HDC---- D:\WINDOWS\$NtUninstallKB929399$ 2010-01-24 03:00:34 ----HDC---- D:\WINDOWS\$NtUninstallKB971737$ 2010-01-24 03:00:22 ----HDC---- D:\WINDOWS\$NtUninstallKB952069_WM9$ 2010-01-24 03:00:16 ----HDC---- D:\WINDOWS\$NtUninstallKB954154_WM11$ 2010-01-24 02:19:27 ----D---- D:\Documents and Settings\cageux\Application Data\Google 2010-01-23 17:11:43 ----D---- D:\Documents and Settings\cageux\Application Data\OpenOffice.org 2010-01-23 03:00:23 ----HDC---- D:\WINDOWS\$NtUninstallKB976325$ 2010-01-23 02:25:12 ----HDC---- D:\WINDOWS\$NtUninstallKB951376-v2$ 2010-01-23 02:25:08 ----HDC---- D:\WINDOWS\$NtUninstallKB952954$ 2010-01-23 02:25:05 ----HDC---- D:\WINDOWS\$NtUninstallKB959426$ 2010-01-23 02:25:01 ----HDC---- D:\WINDOWS\$NtUninstallKB946648$ 2010-01-23 02:24:58 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$ 2010-01-23 02:24:55 ----HDC---- D:\WINDOWS\$NtUninstallKB960859$ 2010-01-23 02:24:53 ----HDC---- D:\WINDOWS\$NtUninstallKB958869$ 2010-01-23 02:24:49 ----HDC---- D:\WINDOWS\$NtUninstallKB976098-v2$ 2010-01-23 02:24:46 ----HDC---- D:\WINDOWS\$NtUninstallKB955759$ 2010-01-23 02:24:42 ----HDC---- D:\WINDOWS\$NtUninstallKB974318$ 2010-01-23 02:24:39 ----HDC---- D:\WINDOWS\$NtUninstallKB969059$ 2010-01-23 02:24:35 ----HDC---- D:\WINDOWS\$NtUninstallKB950974$ 2010-01-23 02:24:32 ----HDC---- D:\WINDOWS\$NtUninstallKB971657$ 2010-01-23 02:24:29 ----HDC---- D:\WINDOWS\$NtUninstallKB971557$ 2010-01-23 02:24:26 ----HDC---- D:\WINDOWS\$NtUninstallKB960225$ 2010-01-23 02:24:22 ----HDC---- D:\WINDOWS\$NtUninstallKB972270$ 2010-01-23 02:24:19 ----HDC---- D:\WINDOWS\$NtUninstallKB974112$ 2010-01-23 02:24:12 ----HDC---- D:\WINDOWS\$NtUninstallKB956572$ 2010-01-23 02:24:07 ----HDC---- D:\WINDOWS\$NtUninstallKB956844$ 2010-01-23 02:24:04 ----HDC---- D:\WINDOWS\$NtUninstallKB961501$ 2010-01-23 02:24:01 ----HDC---- D:\WINDOWS\$NtUninstallKB971633$ 2010-01-23 02:23:57 ----HDC---- D:\WINDOWS\$NtUninstallKB973869$ 2010-01-23 02:23:54 ----HDC---- D:\WINDOWS\$NtUninstallKB975025$ 2010-01-23 02:23:49 ----HDC---- D:\WINDOWS\$NtUninstallKB952004$ 2010-01-23 02:23:45 ----HDC---- D:\WINDOWS\$NtUninstallKB974571$ 2010-01-23 02:23:42 ----HDC---- D:\WINDOWS\$NtUninstallKB973507$ 2010-01-23 02:22:55 ----A---- D:\WINDOWS\system32\MRT.exe 2010-01-23 02:22:50 ----HDC---- D:\WINDOWS\$NtUninstallKB973687$ 2010-01-23 02:22:47 ----HDC---- D:\WINDOWS\$NtUninstallKB950762$ 2010-01-23 02:22:43 ----HDC---- D:\WINDOWS\$NtUninstallKB957097$ 2010-01-23 02:22:40 ----HDC---- D:\WINDOWS\$NtUninstallKB958687$ 2010-01-23 02:22:36 ----HDC---- D:\WINDOWS\$NtUninstallKB952287$ 2010-01-23 02:22:33 ----HDC---- D:\WINDOWS\$NtUninstallKB973354$ 2010-01-23 02:22:28 ----HDC---- D:\WINDOWS\$NtUninstallKB973904$ 2010-01-23 02:22:23 ----HDC---- D:\WINDOWS\$NtUninstallKB967715$ 2010-01-23 02:22:19 ----HDC---- D:\WINDOWS\$NtUninstallKB974392$ 2010-01-23 02:22:16 ----HDC---- D:\WINDOWS\$NtUninstallKB951748$ 2010-01-23 02:22:12 ----HDC---- D:\WINDOWS\$NtUninstallKB970238$ 2010-01-23 02:22:07 ----HDC---- D:\WINDOWS\$NtUninstallKB971486$ 2010-01-23 02:22:03 ----HDC---- D:\WINDOWS\$NtUninstallKB960803$ 2010-01-23 02:21:59 ----HDC---- D:\WINDOWS\$NtUninstallKB973815$ 2010-01-23 02:21:56 ----HDC---- D:\WINDOWS\$NtUninstallKB973525$ 2010-01-23 02:21:52 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$ 2010-01-23 02:21:48 ----HDC---- D:\WINDOWS\$NtUninstallKB955069$ 2010-01-23 02:21:44 ----HDC---- D:\WINDOWS\$NtUninstallKB956802$ 2010-01-23 02:21:39 ----HDC---- D:\WINDOWS\$NtUninstallKB923561$ 2010-01-23 02:21:36 ----HDC---- D:\WINDOWS\$NtUninstallKB971961$ 2010-01-23 02:21:32 ----HDC---- D:\WINDOWS\$NtUninstallKB975467$ 2010-01-23 02:21:23 ----HDC---- D:\WINDOWS\$NtUninstallKB968389$ 2010-01-23 02:21:17 ----HDC---- D:\WINDOWS\$NtUninstallKB969947$ 2010-01-23 01:45:07 ----D---- D:\WINDOWS\system32\PreInstall 2010-01-23 01:45:05 ----HDC---- D:\WINDOWS\$NtUninstallKB898461$ 2010-01-23 01:45:05 ----HD---- D:\WINDOWS\$hf_mig$ 2010-01-23 01:38:29 ----D---- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2010-01-23 01:32:32 ----D---- D:\Documents and Settings\cageux\Application Data\Locktime 2010-01-23 01:29:43 ----D---- D:\WINDOWS\pss 2010-01-23 01:08:56 ----D---- D:\Program Files\aMSN 2010-01-23 00:46:14 ----D---- D:\Program Files\StartClock 2010-01-23 00:41:41 ----D---- D:\Program Files\Google 2010-01-23 00:32:24 ----N---- D:\WINDOWS\system32\spmsg.dll 2010-01-23 00:32:23 ----HDC---- D:\WINDOWS\$NtUninstallMSCompPackV1$ 2010-01-23 00:30:58 ----D---- D:\Program Files\Windows Media Connect 2 2010-01-23 00:30:51 ----HDC---- D:\WINDOWS\$NtUninstallwmp11$ 2010-01-23 00:30:31 ----HDC---- D:\WINDOWS\$NtUninstallWMFDist11$ 2010-01-23 00:30:18 ----D---- D:\WINDOWS\system32\LogFiles 2010-01-23 00:30:14 ----HDC---- D:\WINDOWS\$NtUninstallWudf01000$ 2010-01-23 00:20:01 ----D---- D:\Documents and Settings\All Users\Application Data\Locktime 2010-01-23 00:19:58 ----D---- D:\Program Files\NetLimiter 2 Pro 2010-01-23 00:11:42 ----D---- D:\WINDOWS\RegisteredPackages 2010-01-22 23:35:48 ----D---- D:\Program Files\VideoLAN 2010-01-22 23:35:06 ----D---- D:\Program Files\CHRYOPROD 2010-01-22 23:16:00 ----D---- D:\Documents and Settings\All Users\Application Data\BioWare 2010-01-22 23:07:34 ----D---- D:\WINDOWS\system32\AGEIA 2010-01-22 23:07:34 ----D---- D:\Program Files\AGEIA Technologies 2010-01-22 23:07:20 ----D---- D:\Program Files\Fichiers communs\Wise Installation Wizard 2010-01-22 23:07:17 ----A---- D:\WINDOWS\system32\xactengine2_10.dll 2010-01-22 23:07:17 ----A---- D:\WINDOWS\system32\d3dx10_36.dll 2010-01-22 23:07:17 ----A---- D:\WINDOWS\system32\D3DCompiler_36.dll 2010-01-22 23:07:16 ----A---- D:\WINDOWS\system32\xactengine2_9.dll 2010-01-22 23:07:16 ----A---- D:\WINDOWS\system32\d3dx9_36.dll 2010-01-22 23:07:15 ----A---- D:\WINDOWS\system32\xactengine2_8.dll 2010-01-22 23:07:15 ----A---- D:\WINDOWS\system32\X3DAudio1_2.dll 2010-01-22 23:07:15 ----A---- D:\WINDOWS\system32\d3dx9_35.dll 2010-01-22 23:07:15 ----A---- D:\WINDOWS\system32\d3dx10_35.dll 2010-01-22 23:07:15 ----A---- D:\WINDOWS\system32\D3DCompiler_35.dll 2010-01-22 23:07:14 ----A---- D:\WINDOWS\system32\xinput1_3.dll 2010-01-22 23:07:14 ----A---- D:\WINDOWS\system32\d3dx9_34.dll 2010-01-22 23:07:14 ----A---- D:\WINDOWS\system32\d3dx10_34.dll 2010-01-22 23:07:14 ----A---- D:\WINDOWS\system32\D3DCompiler_34.dll 2010-01-22 23:07:11 ----A---- D:\WINDOWS\system32\xactengine2_7.dll 2010-01-22 23:07:10 ----A---- D:\WINDOWS\system32\d3dx10_33.dll 2010-01-22 23:07:10 ----A---- D:\WINDOWS\system32\D3DCompiler_33.dll 2010-01-22 23:07:07 ----A---- D:\WINDOWS\system32\xactengine2_6.dll 2010-01-22 23:07:07 ----A---- D:\WINDOWS\system32\d3dx9_33.dll 2010-01-22 23:07:06 ----A---- D:\WINDOWS\system32\xactengine2_5.dll 2010-01-22 23:07:06 ----A---- D:\WINDOWS\system32\xactengine2_4.dll 2010-01-22 23:07:06 ----A---- D:\WINDOWS\system32\x3daudio1_1.dll 2010-01-22 23:07:06 ----A---- D:\WINDOWS\system32\d3dx9_32.dll 2010-01-22 23:07:06 ----A---- D:\WINDOWS\system32\d3dx9_31.dll 2010-01-22 23:07:05 ----A---- D:\WINDOWS\system32\xinput1_2.dll 2010-01-22 23:07:05 ----A---- D:\WINDOWS\system32\xinput1_1.dll 2010-01-22 23:07:05 ----A---- D:\WINDOWS\system32\xactengine2_3.dll 2010-01-22 23:07:05 ----A---- D:\WINDOWS\system32\xactengine2_2.dll 2010-01-22 23:07:04 ----A---- D:\WINDOWS\system32\xactengine2_1.dll 2010-01-22 23:06:56 ----A---- D:\WINDOWS\system32\d3dx9_30.dll 2010-01-22 23:06:55 ----A---- D:\WINDOWS\system32\xactengine2_0.dll 2010-01-22 23:06:55 ----A---- D:\WINDOWS\system32\x3daudio1_0.dll 2010-01-22 23:06:55 ----A---- D:\WINDOWS\system32\d3dx9_29.dll 2010-01-22 23:06:55 ----A---- D:\WINDOWS\system32\d3dx9_28.dll 2010-01-22 23:06:54 ----A---- D:\WINDOWS\system32\xinput9_1_0.dll 2010-01-22 23:06:54 ----A---- D:\WINDOWS\system32\d3dx9_27.dll 2010-01-22 23:06:54 ----A---- D:\WINDOWS\system32\d3dx9_26.dll 2010-01-22 23:06:54 ----A---- D:\WINDOWS\system32\d3dx9_25.dll 2010-01-22 23:06:53 ----A---- D:\WINDOWS\system32\d3dx9_24.dll 2010-01-22 19:56:45 ----D---- D:\Program Files\DAEMON Tools Lite 2010-01-22 19:56:19 ----D---- D:\Documents and Settings\cageux\Application Data\DAEMON Tools Lite 2010-01-22 19:56:17 ----D---- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite 2010-01-22 19:50:37 ----D---- D:\Program Files\Lavalys 2010-01-22 19:46:03 ----RSD---- D:\WINDOWS\assembly 2010-01-22 19:45:48 ----D---- D:\WINDOWS\Microsoft.NET 2010-01-22 19:44:53 ----D---- D:\Program Files\Fichiers communs\BioWare 2010-01-22 19:38:50 ----D---- D:\WINDOWS\system32\NtmsData 2010-01-22 15:23:17 ----D---- D:\WINDOWS\system32\Lang 2010-01-22 15:08:09 ----A---- D:\WINDOWS\system32\ksuser.dll 2010-01-22 15:07:14 ----D---- D:\WINDOWS\Prefetch 2010-01-22 14:59:54 ----N---- D:\WINDOWS\system32\msxml6r.dll 2010-01-22 14:59:54 ----N---- D:\WINDOWS\system32\msxml6.dll 2010-01-22 14:59:45 ----N---- D:\WINDOWS\system32\aaclient.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eapsvc.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eapqec.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eappprxy.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eapphost.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eappgnui.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eappcfg.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eapp3hst.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\eapolqec.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3ui.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3svc.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3msm.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3gpclnt.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3dlg.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3cfg.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dot3api.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dimsroam.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dimsntfy.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\dhcpqec.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\credssp.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\bitsprx4.dll 2010-01-22 14:59:44 ----N---- D:\WINDOWS\system32\azroles.dll 2010-01-22 14:59:43 ----N---- D:\WINDOWS\system32\kbdpash.dll 2010-01-22 14:59:43 ----N---- D:\WINDOWS\system32\kbdnepr.dll 2010-01-22 14:59:43 ----N---- D:\WINDOWS\system32\kbdiultn.dll 2010-01-22 14:59:43 ----N---- D:\WINDOWS\system32\kbdbhc.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\onex.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\napstat.exe 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\napmontr.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\napipsec.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\msshavmsg.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\mssha.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\mmcperf.exe 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\mmcfxcommon.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\mmcex.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\microsoft.managementconsole.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\l2gpstore.dll 2010-01-22 14:59:42 ----N---- D:\WINDOWS\system32\kmsvc.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\setupn.exe 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\rhttpaa.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\rasqec.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\qutil.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\qcliprov.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\qagentrt.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\qagent.dll 2010-01-22 14:59:41 ----N---- D:\WINDOWS\system32\photometadatahandler.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\xpsp3res.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\wmphoto.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\wlanapi.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\windowscodecsext.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\windowscodecs.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\verclsid.exe 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\tzchange.exe 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\tspkg.dll 2010-01-22 14:59:40 ----N---- D:\WINDOWS\system32\tsgqec.dll 2010-01-22 14:59:39 ----N---- D:\WINDOWS\system32\xmllite.dll 2010-01-22 14:59:39 ----D---- D:\WINDOWS\system32\fr-fr 2010-01-22 14:59:38 ----D---- D:\WINDOWS\system32\fr 2010-01-22 14:59:38 ----D---- D:\WINDOWS\system32\bits 2010-01-22 14:59:38 ----D---- D:\WINDOWS\l2schemas 2010-01-22 14:59:05 ----R---- D:\WINDOWS\alcwzrd.exe 2010-01-22 14:59:05 ----R---- D:\WINDOWS\Alcmtr.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\system32\ChCfg.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\SoundMan.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\SkyTel.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\RtlUpd.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\RTLCPL.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\RTHDCPL.exe 2010-01-22 14:59:04 ----R---- D:\WINDOWS\MicCal.exe 2010-01-22 14:59:04 ----D---- D:\WINDOWS\system32\RTCOM 2010-01-22 14:58:43 ----R---- D:\WINDOWS\RtlExUpd.dll 2010-01-22 14:58:43 ----A---- D:\WINDOWS\HideWin.exe 2010-01-22 14:56:30 ----D---- D:\WINDOWS\network diagnostic 2010-01-22 14:56:00 ----A---- D:\WINDOWS\004850_.tmp 2010-01-22 14:53:47 ----D---- D:\Program Files\Avira 2010-01-22 14:53:47 ----D---- D:\Documents and Settings\All Users\Application Data\Avira 2010-01-22 14:51:00 ----D---- D:\WINDOWS\system32\SoftwareDistribution 2010-01-22 14:49:13 ----D---- D:\WINDOWS\SoftwareDistribution 2010-01-22 14:49:11 ----SD---- D:\WINDOWS\system32\Microsoft 2010-01-22 14:46:00 ----N---- D:\WINDOWS\system32\proxycfg.exe 2010-01-22 14:46:00 ----N---- D:\WINDOWS\system32\logman.exe 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\msdadiag.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\MP4SDMOD.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\MP43DMOD.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\mdmxsdk.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdukx.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdsmsno.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdsmsfi.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdno1.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdmlt48.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdmlt47.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdmaori.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdinmal.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdinben.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdinbe1.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\kbdfi1.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ieencode.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\hsfcisp2.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\hccoin.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\fwcfg.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\fsquirt.exe 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\fltmc.exe 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\extmgr.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\encdec.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\encapi.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\dxdiagn.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\dsprpres.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\d3d9.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\cmsetacl.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\btpanui.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\bthserv.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\bthci.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\blastcln.exe 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\bitsprx3.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\bitsprx2.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\auditusr.exe 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ativvaxx.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ativtmxx.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ati3duag.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ati3d1ag.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ati2dvag.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ati2dvaa.dll 2010-01-22 14:45:58 ----N---- D:\WINDOWS\system32\ati2cqag.dll 2010-01-22 14:45:58 ----A---- D:\WINDOWS\system32\httpapi.dll 2010-01-22 14:45:58 ----A---- D:\WINDOWS\system32\fltlib.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\xpsp1res.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\xpob2res.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\WMSPDMOE.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmspdmod.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmsdmoe2.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmpdxm.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmpasf.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmp.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmidx.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\wmerror.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\winshfhc.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\winbrand.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\w3ssl.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\twext.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\smbinst.exe 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\slserv.exe 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\slrundll.exe 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\slgen.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\slextspk.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\slcoinst.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\sdhcinst.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\sbeio.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\sbe.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\s3gnb.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\powercfg.exe 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\pnrpnsp.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\p2psvc.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\p2pnetsh.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\p2pgraph.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\p2pgasvc.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\p2p.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\mtxparhd.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\mssap.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\mspmsnsv.dll 2010-01-22 14:45:57 ----N---- D:\WINDOWS\system32\msftedit.dll 2010-01-22 14:45:57 ----A---- D:\WINDOWS\system32\xpsp2res.dll 2010-01-22 14:45:57 ----A---- D:\WINDOWS\system32\winhttp.dll 2010-01-22 14:45:57 ----A---- D:\WINDOWS\system32\strmfilt.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\xmlprovi.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\xmlprov.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\wuaueng1.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\wuauclt1.exe 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\wshbth.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\wscntfy.exe 2010-01-22 14:45:56 ----N---- D:\WINDOWS\system32\wmvdmoe2.dll 2010-01-22 14:45:56 ----N---- D:\WINDOWS\slrundll.exe 2010-01-22 14:45:56 ----D---- D:\WINDOWS\peernet 2010-01-22 14:45:56 ----A---- D:\WINDOWS\system32\wuweb.dll 2010-01-22 14:45:56 ----A---- D:\WINDOWS\system32\wups.dll 2010-01-22 14:45:56 ----A---- D:\WINDOWS\system32\wucltui.dll 2010-01-22 14:45:56 ----A---- D:\WINDOWS\system32\wuapi.dll 2010-01-22 14:45:56 ----A---- D:\WINDOWS\system32\wscsvc.dll 2010-01-22 14:45:55 ----D---- D:\WINDOWS\provisioning 2010-01-22 14:45:26 ----D---- D:\WINDOWS\ServicePackFiles 2010-01-22 14:44:42 ----D---- D:\WINDOWS\system32\ReinstallBackups 2010-01-22 14:44:42 ----A---- D:\WINDOWS\002108_.tmp 2010-01-22 14:44:37 ----A---- D:\WINDOWS\system32\spupdsvc.exe 2010-01-22 14:44:08 ----HDC---- D:\WINDOWS\$NtServicePackUninstall$ 2010-01-22 14:44:06 ----D---- D:\WINDOWS\EHome 2010-01-22 12:44:14 ----A---- D:\WINDOWS\system32\iuengine.dll 2010-01-22 03:30:04 ----D---- D:\Program Files\SuperCopier2 2010-01-21 23:45:49 ----D---- D:\Documents and Settings\cageux\Application Data\WinRAR 2010-01-21 23:34:41 ----D---- D:\Documents and Settings\cageux\Application Data\BitTorrent 2010-01-21 23:34:29 ----D---- D:\Program Files\BitTorrent 2010-01-21 23:34:02 ----D---- D:\Program Files\WinRAR 2010-01-21 23:17:34 ----D---- D:\Program Files\Runtime Software 2010-01-21 22:50:20 ----D---- D:\Program Files\NTFS Undelete 2010-01-21 22:07:22 ----D---- D:\recup 2010-01-21 20:15:13 ----D---- D:\Documents and Settings\cageux\Application Data\Macromedia 2010-01-21 20:15:13 ----D---- D:\Documents and Settings\cageux\Application Data\Adobe 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\PICSDK2.dll 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\PICSDK.ini 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\PICSDK.dll 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\PICEntry.dll 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\EpPicPrt.dll 2010-01-21 18:31:41 ----A---- D:\WINDOWS\system32\EPPicMgr.dll 2010-01-21 18:29:45 ----A---- D:\WINDOWS\system32\E_FLBEGE.DLL 2010-01-21 18:29:45 ----A---- D:\WINDOWS\system32\E_FD4BEGE.DLL 2010-01-21 18:29:45 ----A---- D:\WINDOWS\system32\E_DCINST.DLL 2010-01-21 18:29:35 ----DC---- D:\WINDOWS\system32\DRVSTORE 2010-01-21 18:29:32 ----D---- D:\Documents and Settings\All Users\Application Data\EPSON 2010-01-21 17:54:07 ----D---- D:\Documents and Settings\cageux\Application Data\Mozilla 2010-01-21 16:12:30 ----A---- D:\WINDOWS\system32\wpa.bak 2010-01-21 16:06:54 ----D---- D:\Program Files\Mozilla Firefox 2010-01-21 16:05:22 ----D---- D:\WINDOWS\nview 2010-01-21 16:05:22 ----A---- D:\WINDOWS\system32\nvudisp.exe 2010-01-21 16:05:03 ----A---- D:\WINDOWS\system32\NVUNINST.EXE 2010-01-21 16:04:55 ----D---- D:\Program Files\Fichiers communs\InstallShield 2010-01-21 15:32:08 ----D---- D:\WINDOWS\OPTIONS 2010-01-21 15:32:08 ----D---- D:\Program Files\Realtek 2010-01-21 15:32:07 ----HD---- D:\Program Files\InstallShield Installation Information 2010-01-21 15:32:05 ----D---- D:\Documents and Settings\cageux\Application Data\InstallShield 2010-01-21 14:52:52 ----SHD---- D:\RECYCLER 2010-01-21 14:33:17 ----RSHDC---- D:\WINDOWS\system32\dllcache 2010-01-21 14:33:17 ----RSD---- D:\WINDOWS\Fonts 2010-01-21 14:33:17 ----RD---- D:\WINDOWS\Web 2010-01-21 14:33:17 ----HD---- D:\WINDOWS\inf 2010-01-21 14:33:17 ----D---- D:\WINDOWS\WinSxS 2010-01-21 14:33:17 ----D---- D:\WINDOWS\twain_32 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Temp 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\wins 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\wbem 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\usmt 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\spool 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\ShellExt 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\Setup 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\ras 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\oobe 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\npp 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\mui 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\inetsrv 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\IME 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\icsxml 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\ias 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\export 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\drivers 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\dhcp 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\config 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\3com_dmi 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\3076 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\2052 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1054 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1042 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1041 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1037 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1036 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1033 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1031 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1028 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32\1025 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system32 2010-01-21 14:33:17 ----D---- D:\WINDOWS\system 2010-01-21 14:33:17 ----D---- D:\WINDOWS\security 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Resources 2010-01-21 14:33:17 ----D---- D:\WINDOWS\repair 2010-01-21 14:33:17 ----D---- D:\WINDOWS\mui 2010-01-21 14:33:17 ----D---- D:\WINDOWS\msapps 2010-01-21 14:33:17 ----D---- D:\WINDOWS\msagent 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Media 2010-01-21 14:33:17 ----D---- D:\WINDOWS\java 2010-01-21 14:33:17 ----D---- D:\WINDOWS\ime 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Help 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Driver Cache 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Debug 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Cursors 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Connection Wizard 2010-01-21 14:33:17 ----D---- D:\WINDOWS\Config 2010-01-21 14:33:17 ----D---- D:\WINDOWS\AppPatch 2010-01-21 14:33:17 ----D---- D:\WINDOWS\addins 2010-01-21 14:33:17 ----D---- D:\WINDOWS 2010-01-21 13:46:59 ----SHD---- D:\WINDOWS\Installer 2010-01-21 13:46:57 ----D---- D:\Documents and Settings\cageux\Application Data\Identities 2010-01-21 13:46:54 ----HD---- D:\Program Files\Uninstall Information 2010-01-21 13:46:46 ----SD---- D:\Documents and Settings\cageux\Application Data\Microsoft 2010-01-21 13:46:46 ----ASH---- D:\Documents and Settings\cageux\Application Data\desktop.ini 2010-01-21 13:46:17 ----SHD---- D:\System Volume Information 2010-01-21 13:46:17 ----A---- D:\WINDOWS\SchedLgU.Txt 2010-01-21 13:43:42 ----D---- D:\WINDOWS\system32\xircom 2010-01-21 13:43:42 ----D---- D:\Program Files\xerox 2010-01-21 13:43:42 ----D---- D:\Program Files\microsoft frontpage 2010-01-21 13:43:32 ----A---- D:\WINDOWS\control.ini 2010-01-21 13:43:27 ----A---- D:\WINDOWS\OEWABLog.txt 2010-01-21 13:43:25 ----A---- D:\WINDOWS\system32\mapi32.dll 2010-01-21 13:42:58 ----SD---- D:\WINDOWS\Downloaded Program Files 2010-01-21 13:42:58 ----RD---- D:\WINDOWS\Offline Web Pages 2010-01-21 13:42:58 ----RAH---- D:\WINDOWS\system32\logonui.exe.manifest 2010-01-21 13:42:55 ----RAH---- D:\WINDOWS\system32\cdplayer.exe.manifest 2010-01-21 13:42:45 ----D---- D:\WINDOWS\srchasst 2010-01-21 13:42:40 ----D---- D:\WINDOWS\system32\Macromed 2010-01-21 13:42:40 ----D---- D:\WINDOWS\system32\DirectX 2010-01-21 13:42:32 ----A---- D:\WINDOWS\system32\qmgrprxy.dll 2010-01-21 13:42:32 ----A---- D:\WINDOWS\system32\qmgr.dll 2010-01-21 13:42:31 ----D---- D:\Program Files\Movie Maker 2010-01-21 13:42:20 ----A---- D:\WINDOWS\system32\safrslv.dll 2010-01-21 13:42:20 ----A---- D:\WINDOWS\system32\safrdm.dll 2010-01-21 13:42:20 ----A---- D:\WINDOWS\system32\safrcdlg.dll 2010-01-21 13:42:20 ----A---- D:\WINDOWS\system32\racpldlg.dll 2010-01-21 13:42:20 ----A---- D:\WINDOWS\system32\atrace.dll 2010-01-21 13:42:17 ----A---- D:\WINDOWS\system32\desktop.ini 2010-01-21 13:42:17 ----A---- D:\WINDOWS\desktop.ini 2010-01-21 13:42:12 ----D---- D:\WINDOWS\system32\Restore 2010-01-21 13:42:12 ----A---- D:\WINDOWS\system32\srsvc.dll 2010-01-21 13:42:12 ----A---- D:\WINDOWS\system32\srrstr.dll 2010-01-21 13:42:12 ----A---- D:\WINDOWS\system32\srclient.dll 2010-01-21 13:42:11 ----D---- D:\Program Files\Windows Media Player 2010-01-21 13:42:11 ----A---- D:\WINDOWS\system32\nmevtmsg.dll 2010-01-21 13:42:11 ----A---- D:\WINDOWS\system32\mnmdd.dll 2010-01-21 13:42:11 ----A---- D:\WINDOWS\system32\isrdbg32.dll 2010-01-21 13:42:11 ----A---- D:\WINDOWS\system32\ils.dll 2010-01-21 13:42:10 ----A---- D:\WINDOWS\system32\nmmkcert.dll 2010-01-21 13:42:10 ----A---- D:\WINDOWS\system32\msconf.dll 2010-01-21 13:42:10 ----A---- D:\WINDOWS\system32\mnmsrvc.exe 2010-01-21 13:42:08 ----D---- D:\WINDOWS\PCHEALTH 2010-01-21 13:42:08 ----D---- D:\Program Files\NetMeeting 2010-01-21 13:42:08 ----A---- D:\WINDOWS\system32\msoert2.dll 2010-01-21 13:42:08 ----A---- D:\WINDOWS\system32\acctres.dll 2010-01-21 13:42:07 ----D---- D:\Program Files\Fichiers communs\Services 2010-01-21 13:42:07 ----A---- D:\WINDOWS\system32\msoeacct.dll 2010-01-21 13:42:06 ----A---- D:\WINDOWS\system32\inetres.dll 2010-01-21 13:42:06 ----A---- D:\WINDOWS\system32\inetcomm.dll 2010-01-21 13:42:04 ----D---- D:\Program Files\Outlook Express 2010-01-21 13:42:03 ----SD---- D:\WINDOWS\Tasks 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\schedsvc.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\mstinit.exe 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\mstask.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\isign32.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\inetcfg.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\icwphbk.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\icwdial.dll 2010-01-21 13:42:03 ----A---- D:\WINDOWS\system32\icfgnt5.dll 2010-01-21 13:42:01 ----D---- D:\Program Files\Fichiers communs\MSSoap 2010-01-21 13:41:58 ----D---- D:\Program Files\Fichiers communs\System 2010-01-21 13:41:57 ----D---- D:\Program Files\Internet Explorer 2010-01-21 13:41:48 ----D---- D:\Program Files\ComPlus Applications 2010-01-21 13:41:47 ----A---- D:\WINDOWS\vbaddin.ini 2010-01-21 13:41:47 ----A---- D:\WINDOWS\vb.ini 2010-01-21 13:41:44 ----D---- D:\WINDOWS\Registration 2010-01-21 13:41:29 ----HD---- D:\Program Files\WindowsUpdate 2010-01-21 13:41:29 ----D---- D:\Program Files\Services en ligne 2010-01-21 13:41:26 ----D---- D:\Program Files\Messenger 2010-01-21 13:41:19 ----D---- D:\Program Files\MSN Gaming Zone 2010-01-21 13:41:19 ----A---- D:\WINDOWS\system32\write.exe 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\sndvol32.exe 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\sndrec32.exe 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\mplay32.exe 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\hypertrm.dll 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\hticons.dll 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\avwav.dll 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\avtapi.dll 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\avmeter.dll 2010-01-21 13:41:13 ----A---- D:\WINDOWS\system32\accwiz.exe 2010-01-21 13:41:12 ----D---- D:\Program Files\Windows NT 2010-01-21 13:41:12 ----A---- D:\WINDOWS\system32\winchat.exe 2010-01-21 13:41:11 ----A---- D:\WINDOWS\system32\mspaint.exe 2010-01-21 13:41:08 ----A---- D:\WINDOWS\system32\clipbrd.exe 2010-01-21 13:41:07 ----A---- D:\WINDOWS\system32\getuname.dll 2010-01-21 13:41:07 ----A---- D:\WINDOWS\system32\charmap.exe 2010-01-21 13:41:07 ----A---- D:\WINDOWS\system32\calc.exe 2010-01-21 13:41:06 ----A---- D:\WINDOWS\system32\wuauserv.dll 2010-01-21 13:41:06 ----A---- D:\WINDOWS\system32\wuaueng.dll 2010-01-21 13:41:06 ----A---- D:\WINDOWS\system32\wuauclt.exe 2010-01-21 13:41:06 ----A---- D:\WINDOWS\system32\tscfgwmi.dll 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\usrlogon.cmd 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tsshutdn.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tslabels.ini 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tskill.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tsdiscon.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tscupgrd.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\tscon.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\termsrv.dll 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\sessmgr.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\reset.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\remotepg.dll 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\rdshost.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\rdsaddin.exe 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\rdchost.dll 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\mstscax.dll 2010-01-21 13:41:05 ----A---- D:\WINDOWS\system32\mstsc.exe 2010-01-21 13:41:04 ----D---- D:\WINDOWS\system32\MsDtc 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\shadow.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\rwinsta.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\regini.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\rdpwsx.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\rdpsnd.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\rdpclip.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\rdpcfgex.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\qwinsta.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\qprocess.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\qappsrv.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\mtxoci.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\msg.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\msdtcuiu.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\logoff.exe 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\icaapi.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\cfgbkend.dll 2010-01-21 13:41:04 ----A---- D:\WINDOWS\system32\cdmodem.dll 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\xolehlp.dll 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\msdtctm.dll 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\msdtcprx.dll 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\msdtcprf.ini 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\msdtclog.dll 2010-01-21 13:41:03 ----A---- D:\WINDOWS\system32\msdtc.exe 2010-01-21 13:41:02 ----D---- D:\WINDOWS\system32\Com 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\stclient.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\mtxlegih.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\mtxex.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\mtxdm.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\dcomcnfg.exe 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\comrepl.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\comaddin.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\colbact.dll 2010-01-21 13:41:02 ----A---- D:\WINDOWS\system32\catsrvps.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\comuid.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\comsvcs.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\comsnap.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\clbcatq.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\clbcatex.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\catsrvut.dll 2010-01-21 13:41:01 ----A---- D:\WINDOWS\system32\catsrv.dll 2010-01-21 13:40:55 ----A---- D:\WINDOWS\system32\wmimgmt.msc 2010-01-21 13:40:55 ----A---- D:\WINDOWS\system32\servdeps.dll 2010-01-21 13:40:55 ----A---- D:\WINDOWS\system32\mmfutil.dll 2010-01-21 13:40:55 ----A---- D:\WINDOWS\system32\licwmi.dll 2010-01-21 13:40:55 ----A---- D:\WINDOWS\system32\cmprops.dll 2010-01-21 13:40:23 ----A---- D:\WINDOWS\system32\h323log.txt 2010-01-21 13:38:17 ----A---- D:\WINDOWS\system32\usbui.dll 2010-01-21 13:37:42 ----A---- D:\WINDOWS\imsins.BAK 2010-01-21 13:37:39 ----D---- D:\Program Files\Fichiers communs\ODBC 2010-01-21 13:37:39 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI 2010-01-21 13:37:39 ----A---- D:\WINDOWS\ODBCINST.INI 2010-01-21 13:37:37 ----D---- D:\Program Files\Fichiers communs\SpeechEngines 2010-01-21 13:37:35 ----RD---- D:\Program Files 2010-01-21 13:37:35 ----D---- D:\Program Files\Fichiers communs\Microsoft Shared 2010-01-21 13:37:35 ----D---- D:\Program Files\Fichiers communs 2010-01-21 13:37:34 ----RA---- D:\WINDOWS\system32\kbdtuq.dll 2010-01-21 13:37:34 ----RA---- D:\WINDOWS\system32\kbdtuf.dll 2010-01-21 13:37:34 ----RA---- D:\WINDOWS\system32\kbdazel.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdycc.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbduzb.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdur.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdtat.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdru1.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdru.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdmon.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdkyr.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdkaz.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdbu.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdblr.dll 2010-01-21 13:37:32 ----RA---- D:\WINDOWS\system32\kbdaze.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhept.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhela3.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhela2.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhe319.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhe220.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdhe.dll 2010-01-21 13:37:31 ----RA---- D:\WINDOWS\system32\kbdgkl.dll 2010-01-21 13:37:30 ----RA---- D:\WINDOWS\system32\kbdlv1.dll 2010-01-21 13:37:30 ----RA---- D:\WINDOWS\system32\kbdlv.dll 2010-01-21 13:37:30 ----RA---- D:\WINDOWS\system32\kbdlt1.dll 2010-01-21 13:37:30 ----RA---- D:\WINDOWS\system32\kbdlt.dll 2010-01-21 13:37:30 ----RA---- D:\WINDOWS\system32\kbdest.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdycl.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdsl1.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdsl.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdro.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdpl1.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdpl.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdhu1.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdhu.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdcz2.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdcz1.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdcz.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\kbdcr.dll 2010-01-21 13:37:28 ----RA---- D:\WINDOWS\system32\KBDAL.DLL 2010-01-21 13:37:27 ----A---- D:\WINDOWS\system32\irclass.dll 2010-01-21 13:37:27 ----A---- D:\WINDOWS\system32\dgsetup.dll 2010-01-21 13:37:27 ----A---- D:\WINDOWS\system32\dgrpsetu.dll 2010-01-21 13:37:26 ----A---- D:\WINDOWS\system32\spxcoins.dll 2010-01-21 13:37:26 ----A---- D:\WINDOWS\system32\EqnClass.Dll 2010-01-21 13:37:26 ----A---- D:\WINDOWS\system32\batt.dll 2010-01-21 13:37:25 ----N---- D:\WINDOWS\system32\CONFIG.TMP 2010-01-21 13:37:25 ----A---- D:\WINDOWS\TASKMAN.EXE 2010-01-21 13:37:25 ----A---- D:\WINDOWS\notepad.exe 2010-01-21 13:37:23 ----A---- D:\WINDOWS\system32\storprop.dll 2010-01-21 13:37:18 ----ASH---- D:\Documents and Settings\All Users\Application Data\desktop.ini 2010-01-21 13:36:48 ----RA---- D:\WINDOWS\SET7.tmp 2010-01-21 13:36:46 ----RA---- D:\WINDOWS\SET3.tmp 2010-01-21 13:36:42 ----D---- D:\WINDOWS\system32\CatRoot2 2010-01-21 13:36:42 ----D---- D:\WINDOWS\system32\CatRoot 2010-01-21 13:36:36 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft 2010-01-21 13:36:26 ----A---- D:\WINDOWS\setuplog.txt 2010-01-21 13:36:23 ----D---- D:\Documents and Settings ======List of files/folders modified in the last 1 months====== 2010-02-20 00:48:39 ----A---- D:\WINDOWS\win.ini 2010-02-20 00:48:39 ----A---- D:\WINDOWS\system.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 nltdi;nltdi; \??\D:\WINDOWS\system32\drivers\nltdi.sys [] R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-23 28520] R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-23 56816] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Pilote de classe HID Microsoft; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728] R3 MBAMSwissArmy;MBAMSwissArmy; \??\D:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 mouhid;Pilote HID de souris; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288] R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-03-24 6547872] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-12-05 104064] R3 usbhub;Concentrateur USB2; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbstor;Pilote de stockage de masse USB; D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 af9294q5;af9294q5; D:\WINDOWS\system32\drivers\af9294q5.sys [] S3 cpuz130;cpuz130; \??\D:\DOCUME~1\cageux\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [] S3 ENTECH;ENTECH; \??\D:\WINDOWS\system32\DRIVERS\ENTECH.sys [] S3 gdrv;gdrv; \??\D:\WINDOWS\gdrv.sys [] S3 usbccgp;Pilote parent générique USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; D:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-23 108289] R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-23 185089] R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-17 143872] R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664] R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-01-28 153376] R2 nlsvc;NetLimiter; D:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-03-21 516096] R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\System32\nvsvc32.exe [2008-03-24 155716] S2 gupdate;Service Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-24 135664] S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour; E:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-01-23 30192] S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Media Center 14 Service;Media Center 14 Service; D:\Program Files\J River\Media Center 14\JRService.exe [2010-01-19 380928] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 Bonjour Service;Service Bonjour; D:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Merci
- le 20 février 2010
- 10 réponses
[Résolu, en 24h !] Pubs intempestives + ctrl alt + supr

willow93 a posté un sujet dans Analyses et éradication malwares

Bonsoir, Voila j'ai du encore choper un microbe quelque part... Mes symptômes que je peut voir : Des pubs intempestives (fenêtre intenet explorer) et pas d'accès possible au CTRL + Alt + Suppr (très embêtant) Voici un rapport HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:06:05, on 20/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir Desktop\sched.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe D:\WINDOWS\system32\lspvt32.exe D:\Program Files\SuperCopier2\SuperCopier2.exe D:\Program Files\Avira\AntiVir Desktop\avguard.exe D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE D:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\Google\Update\GoogleUpdate.exe D:\Program Files\NetLimiter 2 Pro\nlsvc.exe D:\WINDOWS\System32\nvsvc32.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\NetLimiter 2 Pro\NLClient.exe D:\Program Files\Avira\AntiVir Desktop\avscan.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Java\jre6\bin\javaw.exe D:\Documents and Settings\cageux\Mes documents\Téléchargements\HiJackThis.exe D:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Microsoft ALU manager] D:\WINDOWS\system32\lspvt32.exe O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [superCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - E:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Media Center 14 Service - J. River, Inc. - D:\Program Files\J River\Media Center 14\JRService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe -- End of file - 5170 bytes Merci d'avance pour votre aide
- le 20 février 2010
- 10 réponses
[resolu]Virus/malware --> Pubs + pas de regedit + pas de CTRL ALT

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

super ca marche nikel Franchement merci bcp pour la réactivité de ta réponse. comment je met résolu ?
- le 4 juillet 2009
- 5 réponses
[resolu]Virus/malware --> Pubs + pas de regedit + pas de CTRL ALT

willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares

voici le post et merci pour la réponse ! ComboFix 09-07-03.03 - Propriétaire 04/07/2009 17:21.6 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1578 [GMT 2:00] Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Propriétaire\Bureau\CFScript .txt FILE :: "c:\windows\system32\lspvt32.exe" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\lspvt32.exe c:\windows\system32\Process.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_GARENAPENGINE -------\Legacy_MDXGTHKN -------\Service_mdxgthkn ((((((((((((((((((((((((((((( Fichiers créés du 2009-06-04 au 2009-07-04 )))))))))))))))))))))))))))))))))))) . 2009-07-04 13:37 . 2009-07-04 13:54 -------- d-----w- c:\program files\Navilog1 2009-07-04 13:18 . 2009-07-04 13:19 -------- d-----w- C:\ToolBar SD 2009-07-03 22:42 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-07-03 22:42 . 2009-07-03 22:42 -------- d-----w- c:\windows\ie8updates 2009-07-03 22:42 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-07-03 22:42 . 2009-04-30 21:16 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-07-03 22:42 . 2009-04-30 21:16 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-07-03 22:42 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-07-03 22:41 . 2009-07-03 22:41 -------- dc-h--w- c:\windows\ie8 2009-07-03 19:40 . 2009-07-03 19:40 12800 ----a-w- c:\windows\system32\bootdelete.exe 2009-07-03 19:36 . 2009-07-03 19:42 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2009-07-03 19:36 . 2009-07-03 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2009-07-03 19:36 . 2009-07-03 19:36 -------- d-----w- c:\program files\Hitman Pro 3.5 2009-07-03 19:27 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-03 19:27 . 2009-07-03 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-07-03 19:27 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-03 19:27 . 2009-07-03 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-03 18:49 . 2009-07-03 18:49 -------- dc----w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-07-03 18:49 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-07-03 18:07 . 2009-07-03 18:07 -------- d-----w- c:\program files\RegEditX 2009-07-03 17:59 . 2009-07-03 18:03 -------- d-----w- c:\program files\Registry Easy 2009-07-03 17:48 . 2009-07-03 17:48 -------- d-----w- c:\program files\Bill2's Process Manager 2009-07-03 17:24 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-07-03 17:24 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-07-03 17:22 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll 2009-07-03 17:22 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-07-03 17:09 . 2001-08-17 19:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys 2009-07-03 17:09 . 2008-04-13 09:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys 2009-07-03 17:07 . 2001-08-17 18:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys 2009-07-03 17:06 . 2001-08-17 19:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys 2009-07-03 17:05 . 2001-08-23 15:47 42496 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll 2009-07-03 17:04 . 2001-08-17 18:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys 2009-07-03 17:03 . 2001-08-23 15:03 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys 2009-07-03 17:02 . 2008-04-13 17:31 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll 2009-07-03 17:01 . 2001-08-17 19:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys 2009-07-03 17:00 . 2001-08-23 15:46 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll 2009-07-03 16:59 . 2001-08-17 18:19 40704 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys 2009-07-03 16:58 . 2001-08-17 18:11 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys 2009-07-03 16:57 . 2001-08-17 19:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys 2009-07-03 16:56 . 2001-08-17 19:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys 2009-07-03 16:56 . 2008-04-13 07:35 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys 2009-07-03 16:56 . 2001-08-17 19:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys 2009-07-03 16:56 . 2001-08-17 18:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys 2009-07-03 16:56 . 2001-08-17 20:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys 2009-07-03 16:56 . 2001-08-17 19:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys 2009-07-03 16:56 . 2001-08-17 19:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys 2009-07-03 16:56 . 2001-08-17 18:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys 2009-07-03 16:56 . 2001-08-17 20:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys 2009-07-03 16:56 . 2001-08-17 19:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys 2009-07-03 14:42 . 2009-07-03 14:42 -------- d-----w- c:\documents and settings\LocalService\Bureau 2009-07-03 14:37 . 2009-07-03 16:31 -------- d-----w- c:\program files\Lavasoft 2009-07-03 14:37 . 2009-07-03 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-07-03 13:29 . 2006-09-21 13:55 45056 ----a-w- c:\windows\system32\OgcDrvSuu.dll 2009-07-03 13:29 . 2006-09-21 13:51 49152 ----a-w- c:\windows\system32\OgcDrvSilva.dll 2009-07-03 13:29 . 2006-09-21 13:51 61440 ----a-w- c:\windows\system32\OgcDrvSena.dll 2009-07-03 13:29 . 2006-09-21 13:51 49152 ----a-w- c:\windows\system32\OgcDrvPyx.dll 2009-07-03 13:29 . 2006-09-21 13:51 61440 ----a-w- c:\windows\system32\OgcDrvMlr.dll 2009-07-03 13:29 . 2006-09-21 13:50 73728 ----a-w- c:\windows\system32\OgcDrvMagellan.dll 2009-07-03 13:29 . 2006-09-21 13:50 61440 ----a-w- c:\windows\system32\OgcDrvLowrance.dll 2009-07-03 13:29 . 2006-09-21 13:50 98304 ----a-w- c:\windows\system32\OgcDrvGarmin.dll 2009-07-03 13:29 . 2006-09-21 13:48 49152 ----a-w- c:\windows\system32\OgcDrvAvmap.dll 2009-07-03 13:29 . 2005-10-10 09:51 909312 ----a-w- c:\windows\system32\x9.dll 2009-07-03 12:07 . 2009-07-03 12:34 -------- d-----w- c:\windows\BDOSCAN8 2009-07-01 17:23 . 2009-07-01 17:23 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP 2009-06-26 10:39 . 2001-08-23 15:19 908000 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys 2009-06-26 10:39 . 2001-08-23 15:19 908000 ----a-w- c:\windows\system32\drivers\HCF_MSFT.sys 2009-06-25 12:58 . 2009-06-25 12:58 -------- d-----w- c:\program files\Cyanide 2009-06-12 00:22 . 2009-06-12 00:22 -------- d-----w- c:\program files\KillingFloor 2009-06-11 19:19 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll 2009-06-11 19:19 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2009-06-11 19:19 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll 2009-06-11 19:19 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-06-11 19:19 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2009-06-11 19:19 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll 2009-06-11 19:19 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-03 22:59 . 2004-08-05 12:00 84526 ----a-w- c:\windows\system32\perfc00C.dat 2009-07-03 22:59 . 2004-08-05 12:00 510324 ----a-w- c:\windows\system32\perfh00C.dat 2009-07-03 19:33 . 2009-07-03 19:33 2086 ----a-w- c:\program files\zlwugc.txt 2009-07-03 18:44 . 2009-02-04 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-07-03 17:19 . 2008-12-19 02:11 -------- d-----w- c:\program files\KraiSoft Games 2009-07-03 15:45 . 2008-10-31 00:48 -------- d-----w- c:\program files\MpcStar 2009-07-03 14:30 . 2008-09-16 20:20 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-07-03 14:29 . 2009-01-31 14:19 -------- d-----w- c:\program files\Crayon Physics Deluxe 2009-07-03 14:26 . 2008-08-13 20:18 -------- d-----w- c:\program files\Restore 2009-07-03 14:25 . 2008-07-20 14:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-03 14:24 . 2009-01-25 01:30 -------- d-----w- c:\program files\ZNsoft Corporation 2009-07-03 13:28 . 2009-07-03 13:28 -------- d-----w- c:\program files\Bayo 2009-07-03 13:28 . 2009-07-03 13:28 -------- d-----w- c:\program files\Fichiers communs\Bayo 2009-07-03 12:20 . 2009-01-25 01:32 -------- d-----w- c:\program files\KeenfinderSrch 2009-07-02 13:45 . 2009-01-01 19:49 -------- d-----w- c:\program files\Hamachi 2009-07-01 17:30 . 2008-07-20 15:16 -------- d-----w- c:\program files\eMule 2009-07-01 17:23 . 2008-07-20 18:55 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2009-06-25 12:17 . 2009-02-04 02:50 -------- d-----w- c:\program files\Google 2009-06-02 13:00 . 2008-10-21 19:02 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys 2009-06-02 13:00 . 2008-10-21 19:02 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2009-05-13 05:04 . 2004-08-05 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-08 14:44 . 2009-05-08 14:44 -------- d-----w- c:\program files\7-Zip 2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:34 . 2009-04-29 04:34 81920 ------w- c:\windows\system32\ieencode.dll 2009-04-21 13:16 . 2008-08-13 20:18 249856 ------w- c:\windows\Setup1.exe 2009-04-21 13:16 . 2008-08-13 20:18 73216 ----a-w- c:\windows\ST6UNST.EXE 2009-04-19 19:50 . 2004-08-05 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:53 . 2004-08-05 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((( SnapShot_2009-07-04_13.13.15 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-04 15:26 . 2009-07-04 15:26 16384 c:\windows\Temp\Perflib_Perfdata_170.dat + 2009-07-04 15:26 . 2009-07-04 15:26 16384 c:\windows\Temp\Perflib_Perfdata_124.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 344064] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "ProcessManager"="c:\program files\Bill2's Process Manager\ProcessManager.exe" [2009-05-30 1830912] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Krait"="c:\program files\Razer\Krait\razerhid.exe" [2006-01-24 147456] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^hamachi.lnk] path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\hamachi.lnk backup=c:\windows\pss\hamachi.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk] path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk backup=c:\windows\pss\RocketDock.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk] path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk backup=c:\windows\pss\UberIcon.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "d"=2 (0x2) "helpsvc"=2 (0x2) "PnkBstrB"=2 (0x2) "PnkBstrA"=2 (0x2) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Pml Driver HPZ12"=2 (0x2) "wuauserv"=2 (0x2) "odserv"=3 (0x3) "gusvc"=2 (0x2) "gupdate1c986736c1b1026"=2 (0x2) "avast! Mail Scanner"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "e:\\Program Files\\btm 2\\game.dat"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "e:\\Program Files\\AoE2 xp\\age2_x1\\AGE2_X1.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "e:\\Program Files\\Far Cry 2\\bin\\FarCry2.exe"= "e:\\Program Files\\Far Cry 2\\bin\\FC2Launcher.exe"= "e:\\Program Files\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\RayV\\RayV\\RayV.exe"= "e:\\Program Files\\Vietcong\\vietcong_nocd1.6.exe"= "c:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "g:\\call of duty 4\\iw3mp.exe"= "c:\\UT2004\\System\\UT2004.exe"= "e:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20429:TCP"= 20429:TCP:BitComet 20429 TCP "20429:UDP"= 20429:UDP:BitComet 20429 UDP "48800:TCP"= 48800:TCP:BitComet 48800 TCP "48800:UDP"= 48800:UDP:BitComet 48800 UDP R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [22/01/2009 18:25 28544] S3 krait03;Razer krait USB Filter Driver;c:\windows\system32\drivers\krait.sys [08/01/2009 00:37 13324] S4 gupdate1c986736c1b1026;Google Update Service (gupdate1c986736c1b1026);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2009 04:51 133104] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contenu du dossier 'Tâches planifiées' 2009-07-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 22:47] 2009-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 02:51] 2009-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 02:51] 2009-07-03 c:\windows\Tasks\Schedule Task Weekly.job - c:\program files\Registry Easy\RE.exe [2009-07-03 15:49] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.atcomet.com/m/ uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Add to AMV Convert Tool... - j:\mp3 amv\AMVConverter\grab.html IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file - j:\mp3 amv\MediaManager\grab.html IE: PimpFish - Saisir cette image - c:\program files\PimpFish\GRABPIC.HTM IE: PimpFish - Saisir le fichier cible - c:\program files\PimpFish\GRABLINK.HTM IE: PimpFish - Saisir les images auxquelles cette page est reliée - c:\program files\PimpFish\GRABPAGELINKS.HTM IE: PimpFish - Saisir les images sur cette page - c:\program files\PimpFish\GRABPAGEPICS.HTM IE: PimpFish - Saisir les vidéos sur cette page - c:\program files\PimpFish\GRABPAGEMOVIES.HTM Trusted Zone: localhost DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\sfnqjq43.default\ FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\RayV\RayV\RayVExtension@RayV.com\plugins\nprayvplugin.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-04 17:26 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-842925246-1788223648-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:6f,87,91,50,4b,99,87,92,db,10,74,42,6b,21,c1,a4,ed,76,5d,7f,3a,2f,84, 58,a1,d0,92,50,54,1c,00,41,08,17,9f,25,17,fd,de,9b,c7,79,23,a3,67,ee,df,5c,\ "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22 [HKEY_USERS\S-1-5-21-842925246-1788223648-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:0c,d0,f7,c7,1d,6e,99,75,20,16,81,48,31,45,00,3b,e2,84,94,37,be, 65,c6,86,15,33,6e,b8,6e,74,7c,8f,3d,63,95,bb,94,3d,60,22,6c,8b,fb,49,e2,6a,\ "rkeysecu"=hex:62,20,b7,2f,fe,1a,9f,31,09,01,0a,ce,d7,f0,77,1c . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(2752) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\NVIDIA Corporation\nTune\nTuneService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\program files\Razer\Krait\razerofa.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-07-04 17:28 - La machine a redémarré ComboFix-quarantined-files.txt 2009-07-04 15:28 ComboFix2.txt 2009-07-04 13:14 ComboFix3.txt 2009-07-03 23:15 ComboFix4.txt 2009-07-03 22:23 ComboFix5.txt 2009-07-04 15:21 Avant-CF: 156 127 232 octets libres Après-CF: 2 143 944 704 octets libres 313 --- E O F --- 2009-02-27 00:32 Le probleme semble résolu !
- le 4 juillet 2009
- 5 réponses
[resolu]Virus/malware --> Pubs + pas de regedit + pas de CTRL ALT

willow93 a posté un sujet dans Analyses et éradication malwares

salut Je suis sous Xp sp3 et j'ai les symptômes suivants : - Pubs intempestives (sans naviguer) (ad-xtende) - Pas d'accès a regedit (n'existe pas) - Pas d'accès a Ctrl alt supr (même avec clik droit sur barre des taches) - Pas d'accès au mode sans échec (hll manquant !) Scan virus en ligne + avast effectué. Virus trouvés mais pas résolu... Anti malware affectué (Hijack + malwarebytes's) avec plusieurs erreurs trouvées mais non résolu voici le log Hijack : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:04:04, on 03/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe G:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Razer\Krait\razerhid.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\lspvt32.exe C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe G:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Bill2's Process Manager\ProcessManager.exe G:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Razer\Krait\razerofa.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Microsoft ALU manager] C:\WINDOWS\system32\lspvt32.exe O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [RGSC] G:\Gta 4\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ProcessManager] C:\Program Files\Bill2's Process Manager\ProcessManager.exe -minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Add to AMV Convert Tool... - J:\Mp3 amv\AMVConverter\grab.html O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - J:\Mp3 amv\MediaManager\grab.html O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - G:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 8685 bytes voici mon log malwarebytes : Malwarebytes' Anti-Malware 1.38 Version de la base de données: 2369 Windows 5.1.2600 Service Pack 3 03/07/2009 23:47:19 mbam-log-2009-07-03 (23-47-19).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|) Eléments examinés: 196559 Temps écoulé: 39 minute(s), 18 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): f:\system volume information\_restore{c05c538a-8e97-4515-ba33-b03d22330008}\rp270\A0075066.com (Spyware.OnlineGames) -> Quarantined and deleted successfully. rapport combo fixe ComboFix 09-07-03.03 - Propriétaire 04/07/2009 0:20.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1606 [GMT 2:00] Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((( Fichiers créés du 2009-06-03 au 2009-07-03 )))))))))))))))))))))))))))))))))))) . 2009-07-03 19:40 . 2009-07-03 19:40 12800 ----a-w- c:\windows\system32\bootdelete.exe 2009-07-03 19:36 . 2009-07-03 19:42 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2009-07-03 19:36 . 2009-07-03 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2009-07-03 19:36 . 2009-07-03 19:36 -------- d-----w- c:\program files\Hitman Pro 3.5 2009-07-03 19:27 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-03 19:27 . 2009-07-03 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-07-03 19:27 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-03 19:27 . 2009-07-03 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-03 18:49 . 2009-07-03 18:49 -------- dc----w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-07-03 18:49 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-07-03 18:49 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-07-03 18:49 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-07-03 18:49 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-07-03 18:49 . 2009-07-03 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-07-03 18:07 . 2009-07-03 18:07 -------- d-----w- c:\program files\RegEditX 2009-07-03 17:59 . 2009-07-03 18:03 -------- d-----w- c:\program files\Registry Easy 2009-07-03 17:48 . 2009-07-03 17:48 -------- d-----w- c:\program files\Bill2's Process Manager 2009-07-03 17:09 . 2001-08-17 19:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys 2009-07-03 17:09 . 2008-04-13 09:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys 2009-07-03 17:07 . 2001-08-17 18:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys 2009-07-03 17:06 . 2001-08-17 19:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys 2009-07-03 17:05 . 2001-08-23 15:47 42496 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll 2009-07-03 17:04 . 2001-08-17 18:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys 2009-07-03 17:03 . 2001-08-23 15:03 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys 2009-07-03 17:02 . 2008-04-13 17:31 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll 2009-07-03 17:01 . 2001-08-17 19:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys 2009-07-03 17:00 . 2001-08-23 15:46 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll 2009-07-03 16:59 . 2001-08-17 18:19 40704 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys 2009-07-03 16:58 . 2001-08-17 18:11 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys 2009-07-03 16:57 . 2001-08-17 19:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys 2009-07-03 16:56 . 2001-08-17 19:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys 2009-07-03 16:56 . 2008-04-13 07:35 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys 2009-07-03 16:56 . 2001-08-17 19:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys 2009-07-03 16:56 . 2001-08-17 18:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys 2009-07-03 16:56 . 2001-08-17 20:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys 2009-07-03 16:56 . 2001-08-17 19:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys 2009-07-03 16:56 . 2001-08-17 19:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys 2009-07-03 16:56 . 2001-08-17 18:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys 2009-07-03 16:56 . 2001-08-17 20:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys 2009-07-03 16:56 . 2001-08-17 19:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys 2009-07-03 14:42 . 2009-07-03 14:42 -------- d-----w- c:\documents and settings\LocalService\Bureau 2009-07-03 14:37 . 2009-07-03 16:31 -------- d-----w- c:\program files\Lavasoft 2009-07-03 14:37 . 2009-07-03 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-07-03 13:29 . 2006-09-21 13:55 45056 ----a-w- c:\windows\system32\OgcDrvSuu.dll 2009-07-03 13:29 . 2006-09-21 13:51 49152 ----a-w- c:\windows\system32\OgcDrvSilva.dll 2009-07-03 13:29 . 2006-09-21 13:51 61440 ----a-w- c:\windows\system32\OgcDrvSena.dll 2009-07-03 13:29 . 2006-09-21 13:51 49152 ----a-w- c:\windows\system32\OgcDrvPyx.dll 2009-07-03 13:29 . 2006-09-21 13:51 61440 ----a-w- c:\windows\system32\OgcDrvMlr.dll 2009-07-03 13:29 . 2006-09-21 13:50 73728 ----a-w- c:\windows\system32\OgcDrvMagellan.dll 2009-07-03 13:29 . 2006-09-21 13:50 61440 ----a-w- c:\windows\system32\OgcDrvLowrance.dll 2009-07-03 13:29 . 2006-09-21 13:50 98304 ----a-w- c:\windows\system32\OgcDrvGarmin.dll 2009-07-03 13:29 . 2006-09-21 13:48 49152 ----a-w- c:\windows\system32\OgcDrvAvmap.dll 2009-07-03 13:29 . 2005-10-10 09:51 909312 ----a-w- c:\windows\system32\x9.dll 2009-07-03 12:07 . 2009-07-03 12:34 -------- d-----w- c:\windows\BDOSCAN8 2009-07-03 01:19 . 2009-03-13 10:17 323847872 ----a-w- c:\windows\system32\lspvt32.exe 2009-07-01 17:23 . 2009-07-01 17:23 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP 2009-06-26 10:39 . 2001-08-23 15:19 908000 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys 2009-06-26 10:39 . 2001-08-23 15:19 908000 ----a-w- c:\windows\system32\drivers\HCF_MSFT.sys 2009-06-25 12:58 . 2009-06-25 12:58 -------- d-----w- c:\program files\Cyanide 2009-06-12 00:22 . 2009-06-12 00:22 -------- d-----w- c:\program files\KillingFloor 2009-06-11 19:19 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll 2009-06-11 19:19 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2009-06-11 19:19 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll 2009-06-11 19:19 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-06-11 19:19 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2009-06-11 19:19 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll 2009-06-11 19:19 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-03 20:18 . 2004-08-05 12:00 83046 ----a-w- c:\windows\system32\perfc00C.dat 2009-07-03 20:18 . 2004-08-05 12:00 504492 ----a-w- c:\windows\system32\perfh00C.dat 2009-07-03 19:33 . 2009-07-03 19:33 2086 ----a-w- c:\program files\zlwugc.txt 2009-07-03 18:44 . 2009-02-04 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-07-03 17:19 . 2008-12-19 02:11 -------- d-----w- c:\program files\KraiSoft Games 2009-07-03 15:45 . 2008-10-31 00:48 -------- d-----w- c:\program files\MpcStar 2009-07-03 14:30 . 2008-09-16 20:20 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-07-03 14:29 . 2009-01-31 14:19 -------- d-----w- c:\program files\Crayon Physics Deluxe 2009-07-03 14:26 . 2008-08-13 20:18 -------- d-----w- c:\program files\Restore 2009-07-03 14:25 . 2008-07-20 14:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-03 14:24 . 2009-01-25 01:30 -------- d-----w- c:\program files\ZNsoft Corporation 2009-07-03 13:28 . 2009-07-03 13:28 -------- d-----w- c:\program files\Bayo 2009-07-03 13:28 . 2009-07-03 13:28 -------- d-----w- c:\program files\Fichiers communs\Bayo 2009-07-03 12:20 . 2009-01-25 01:32 -------- d-----w- c:\program files\KeenfinderSrch 2009-07-02 13:45 . 2009-01-01 19:49 -------- d-----w- c:\program files\Hamachi 2009-07-01 17:30 . 2008-07-20 15:16 -------- d-----w- c:\program files\eMule 2009-07-01 17:23 . 2008-07-20 18:55 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2009-06-25 12:17 . 2009-02-04 02:50 -------- d-----w- c:\program files\Google 2009-06-02 13:00 . 2008-10-21 19:02 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys 2009-06-02 13:00 . 2008-10-21 19:02 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2009-05-08 14:44 . 2009-05-08 14:44 -------- d-----w- c:\program files\7-Zip 2009-04-21 13:16 . 2008-08-13 20:18 249856 ------w- c:\windows\Setup1.exe 2009-04-21 13:16 . 2008-08-13 20:18 73216 ----a-w- c:\windows\ST6UNST.EXE . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 344064] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "ProcessManager"="c:\program files\Bill2's Process Manager\ProcessManager.exe" [2009-05-30 1830912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Krait"="c:\program files\Razer\Krait\razerhid.exe" [2006-01-24 147456] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "Microsoft ALU manager"="c:\windows\system32\lspvt32.exe" [2009-03-13 323847872] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 172544] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^hamachi.lnk] path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\hamachi.lnk backup=c:\windows\pss\hamachi.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk] path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk backup=c:\windows\pss\RocketDock.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk] path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk backup=c:\windows\pss\UberIcon.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "d"=2 (0x2) "helpsvc"=2 (0x2) "PnkBstrB"=2 (0x2) "PnkBstrA"=2 (0x2) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Pml Driver HPZ12"=2 (0x2) "wuauserv"=2 (0x2) "odserv"=3 (0x3) "gusvc"=2 (0x2) "gupdate1c986736c1b1026"=2 (0x2) "avast! Mail Scanner"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "e:\\Program Files\\btm 2\\game.dat"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "e:\\Program Files\\AoE2 xp\\age2_x1\\AGE2_X1.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "e:\\Program Files\\Far Cry 2\\bin\\FarCry2.exe"= "e:\\Program Files\\Far Cry 2\\bin\\FC2Launcher.exe"= "e:\\Program Files\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\RayV\\RayV\\RayV.exe"= "e:\\Program Files\\Vietcong\\vietcong_nocd1.6.exe"= "c:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "g:\\call of duty 4\\iw3mp.exe"= "c:\\UT2004\\System\\UT2004.exe"= "e:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20429:TCP"= 20429:TCP:BitComet 20429 TCP "20429:UDP"= 20429:UDP:BitComet 20429 UDP "48800:TCP"= 48800:TCP:BitComet 48800 TCP "48800:UDP"= 48800:UDP:BitComet 48800 UDP R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [22/01/2009 18:25 28544] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;g:\program files\Avira\AntiVir Desktop\sched.exe [03/07/2009 20:49 108289] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\BVF4D.tmp --> c:\docume~1\PROPRI~1\LOCALS~1\Temp\BVF4D.tmp [?] S3 krait03;Razer krait USB Filter Driver;c:\windows\system32\drivers\krait.sys [08/01/2009 00:37 13324] S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\mdxgthkn.sys --> c:\docume~1\PROPRI~1\LOCALS~1\Temp\mdxgthkn.sys [?] S4 gupdate1c986736c1b1026;Google Update Service (gupdate1c986736c1b1026);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2009 04:51 133104] . Contenu du dossier 'Tâches planifiées' 2009-07-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 22:47] 2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 02:51] 2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 02:51] 2009-07-03 c:\windows\Tasks\Schedule Task Weekly.job - c:\program files\Registry Easy\RE.exe [2009-07-03 15:49] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.atcomet.com/m/ uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Add to AMV Convert Tool... - j:\mp3 amv\AMVConverter\grab.html IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file - j:\mp3 amv\MediaManager\grab.html IE: PimpFish - Saisir cette image - c:\program files\PimpFish\GRABPIC.HTM IE: PimpFish - Saisir le fichier cible - c:\program files\PimpFish\GRABLINK.HTM IE: PimpFish - Saisir les images auxquelles cette page est reliée - c:\program files\PimpFish\GRABPAGELINKS.HTM IE: PimpFish - Saisir les images sur cette page - c:\program files\PimpFish\GRABPAGEPICS.HTM IE: PimpFish - Saisir les vidéos sur cette page - c:\program files\PimpFish\GRABPAGEMOVIES.HTM Trusted Zone: localhost DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\sfnqjq43.default\ FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\RayV\RayV\RayVExtension@RayV.com\plugins\nprayvplugin.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-04 00:22 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\BVF4D.tmp" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-842925246-1788223648-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:6f,87,91,50,4b,99,87,92,db,10,74,42,6b,21,c1,a4,ed,76,5d,7f,3a,2f,84, 58,a1,d0,92,50,54,1c,00,41,08,17,9f,25,17,fd,de,9b,c7,79,23,a3,67,ee,df,5c,\ "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22 [HKEY_USERS\S-1-5-21-842925246-1788223648-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:0c,d0,f7,c7,1d,6e,99,75,20,16,81,48,31,45,00,3b,e2,84,94,37,be, 65,c6,86,15,33,6e,b8,6e,74,7c,8f,3d,63,95,bb,94,3d,60,22,6c,8b,fb,49,e2,6a,\ "rkeysecu"=hex:62,20,b7,2f,fe,1a,9f,31,09,01,0a,ce,d7,f0,77,1c . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(3700) c:\windows\system32\eappprxy.dll c:\windows\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll . Heure de fin: 2009-07-03 0:23 ComboFix-quarantined-files.txt 2009-07-03 22:23 ComboFix2.txt 2009-07-03 22:08 ComboFix3.txt 2009-07-03 21:58 Avant-CF: 1 881 546 752 octets libres Après-CF: 1 929 756 672 octets libres 271 --- E O F --- 2009-02-27 00:32
- le 4 juillet 2009
- 5 réponses

Connexion

willow93

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par willow93

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

[Résolu] PC Infecté

Crash de l'ordi du à virus ?

Crash de l'ordi du à virus ?

[Résolu, en 24h !] Pubs intempestives + ctrl alt + supr

[Résolu, en 24h !] Pubs intempestives + ctrl alt + supr

[Résolu, en 24h !] Pubs intempestives + ctrl alt + supr

analyse de mon rapport combofix(virus msn)

[Résolu, en 24h !] Pubs intempestives + ctrl alt + supr

[Résolu, en 24h !] Pubs intempestives + ctrl alt + supr

[resolu]Virus/malware --> Pubs + pas de regedit + pas de CTRL ALT

[resolu]Virus/malware --> Pubs + pas de regedit + pas de CTRL ALT

[resolu]Virus/malware --> Pubs + pas de regedit + pas de CTRL ALT

Zebulon

Outils en ligne

Naviguer