frefranat

  1. Hello, I have been trying for several days to understand why a piece of software that I have already reinstalled several times does not use the versions of the DLLs from its installation folder. I took a closer look at my system and discovered some strange things such as: C:\WINDOWS\system32\SHELL32.dll.124.Manifest, but also folders that deleted themselves once selected, and files such as ISwift3.dat that are impossible to delete in the System Volume Information folder, apart from the restore file. Can anyone help me? Thanks
  2. Hello, I have just run ZHP, which in the MD5 search reports: O71 - BDRI:[hklm\software\microsoft\windows\currentversion\run]:avp O71 - BDRI:[hklm\software\classes\clsid\{9461b922-3c5a-11d2-bf8b-00c04fb93661}] O71 - BDRI:[hklm\software\classes\clsid\{47c6c527-6204-4f91-849d-66e234dee015}] O71 - BDRI:[hklm\software\classes\typelib\{eca4e801-17ae-4863-9f5c-af4047aabee0}] O71 - BDRI:[hkcu\software\microsoft\windows\currentversion\internet settings\zones\] After some searching on the web, it seems that a virus is the cause. Does anyone have more details for me? Thanks
  3. Hello, Nothing was found, but what does "(!) Cet ordinateur n'est pas vacciné!" mean? Thanks ############################## | UsbFix 7.014 | [Recherche] Utilisateur: FG (Administrateur) # PC-CEM [ ] Mis à jour le 24/06/10 par El Desaparecido / C_XX Lancé à 14:03:27 | 27/06/2010 Site Web: Bienvenue dans nos Pages Persos Contact: FindyKill.Contact@gmail.com CPU: Genuine Intel® CPU T2500 @ 2.00GHz CPU 2: Genuine Intel® CPU T2500 @ 2.00GHz Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Pare-feu Windows: Désactivé /!\ Antivirus: Kaspersky PURE 9.0.0.192 [Enabled | Updated] Firewall: Kaspersky PURE 9.0.0.192 [Enabled] RAM -> 3326 Mo C:\ (%systemdrive%) -> Disque fixe # 98 Go (72 Go libre(s) - 74%) [] # NTFS D:\ -> Disque fixe # 195 Go (181 Go libre(s) - 93%) [Eism] # NTFS E:\ -> Disque fixe # 173 Go (156 Go libre(s) - 90%) [] # NTFS F:\ -> CD-ROM G:\ -> Disque fixe # 75 Go (29 Go libre(s) - 38%) [] # NTFS I:\ -> Disque amovible # 4 Go (3 Go libre(s) - 78%) [uSB 4GO] # FAT32 ################## | Éléments infectieux | ################## | Registre | Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives ################## | Mountpoints2 | ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné! ################## | E.O.F |
  4. Hello, the MBAM report: Cijoint.fr - free file hosting service; the RSIT info report: Cijoint.fr - free file hosting service; RSIT log: Cijoint.fr - free file hosting service. Thanks for your help. Regards
  5. Hello, for the past few days my mouse has often been freezing; Toshiba's Bluetooth Manager no longer works; the touchpad is no longer active when I disconnect the mouse; Kaspersky deleted SpyWebcam.exe. But I still have strange executables such as ifinst27.exe and rcimlby.exe that are impossible to delete; they come back right after deletion. Thanks for helping me
  6. Hello, I would like to identify an audio file that is played from time to time by the sound card, because it is a nuisance. It occurs at random, and its origin is unknown to me. I would describe it as two successive hissing sounds lasting 0.5 s each, one second apart. I have already heard it on a PC other than mine, without its owner having any further explanation to give me. Does anyone know it? Thanks
  7. Hello Angelique, I still cannot get rid of this virus. Can you help me?
  8. Hello Angelique, C:\RECYCLER\S-1-5-21-1275210071-515967899-839522115-1003\Dc3.zip Infected: not-a-virus:RiskTool.Win32.PsKill.k 1 C:\RECYCLER\S-1-5-21-1275210071-515967899-839522115-1003\Dc32\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1 I suppose these are false positives. I am currently looking at the contents of the host services, and in particular Netsvcs: 6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt TermService wuauserv BITS ShellHWDetection helpsvc xmlprov wscsvc WmdmPmSN napagent hkmsvc
  9. Hello Angelique, I know I am paranoid. OK, let's move on to something else if you like. Why can't I run an online scan on Kaspersky? Thanks
  10. Angélique, after all that, I still have more than 50 outgoing connections when I open Firefox. In addition, I would now like, if possible, to recover the data that is on the infected disk, which I have moved to an external drive. However, the data is encrypted. Can you help me? Thanks
  11. ComboFix 09-08-26.05 - FG 27-08-09 18:02.3.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.2720 [GMT 2:00] Running from: c:\documents and settings\FG\Bureau\ComboFix.exe Command switches used :: c:\documents and settings\FG\Bureau\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_JFK -------\Service_JFK
2009-08-27 11:19 172032 c:\windows\ERDNT\AutoBackup\27-08-09\Users\00000002\UsrClass.dat + 2009-08-27 11:19 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\27-08-09\ERDNT.EXE + 2009-08-27 11:17 . 2009-08-27 11:17 172032 c:\windows\ERDNT\27-08-09_apres IE8etRelicaltsXP3\Users\00000002\UsrClass.dat + 2009-08-27 11:17 . 2005-10-20 10:02 163328 c:\windows\ERDNT\27-08-09_apres IE8etRelicaltsXP3\ERDNT.EXE + 2009-08-27 09:51 . 2009-08-27 09:51 172032 c:\windows\ERDNT\27-08-09_1150\Users\00000002\UsrClass.dat + 2009-08-27 09:51 . 2005-10-20 10:02 163328 c:\windows\ERDNT\27-08-09_1150\ERDNT.EXE + 2009-08-27 08:41 . 2009-08-27 08:41 172032 c:\windows\ERDNT\27-08-09\Users\00000002\UsrClass.dat + 2009-08-27 08:41 . 2005-10-20 10:02 163328 c:\windows\ERDNT\27-08-09\ERDNT.EXE + 2002-08-30 12:00 . 2008-11-07 14:45 2174976 c:\windows\system32\WMVCore.dll + 2004-08-19 23:09 . 2009-07-12 10:21 4874240 c:\windows\system32\wmp.dll - 2004-08-19 23:09 . 2008-04-14 02:33 4874240 c:\windows\system32\wmp.dll + 2002-08-30 12:00 . 2008-06-10 04:11 1053696 c:\windows\system32\WMNetmgr.dll + 2006-08-31 05:56 . 2009-07-03 16:57 1208832 c:\windows\system32\urlmon.dll + 2006-06-30 08:52 . 2009-07-19 13:15 5937152 c:\windows\system32\mshtml.dll + 2009-03-08 02:32 . 2009-07-03 16:57 1985536 c:\windows\system32\iertutil.dll + 2009-02-06 19:07 . 2009-02-06 19:07 3698584 c:\windows\system32\ieapfltr.dat + 2008-11-07 16:32 . 2008-11-07 14:45 2174976 c:\windows\system32\dllcache\WMVCore.dll + 2009-07-13 00:18 . 2009-07-12 10:21 4874240 c:\windows\system32\dllcache\wmp.dll - 2009-07-13 00:18 . 2008-04-14 02:33 4874240 c:\windows\system32\dllcache\wmp.dll + 2008-06-10 16:18 . 2008-06-10 04:11 1053696 c:\windows\system32\dllcache\WMNetmgr.dll + 2009-06-26 16:50 . 2009-07-03 16:57 1208832 c:\windows\system32\dllcache\urlmon.dll + 2009-07-18 16:03 . 2009-07-19 13:15 5937152 c:\windows\system32\dllcache\mshtml.dll + 2009-01-07 16:21 . 
2009-01-07 16:21 1022976 c:\windows\system32\dllcache\browseui.dll + 2009-08-27 11:15 . 2009-03-08 02:34 1206784 c:\windows\ie8updates\KB972260-IE8\urlmon.dll + 2009-08-27 11:15 . 2009-03-08 02:41 5937152 c:\windows\ie8updates\KB972260-IE8\mshtml.dll + 2009-08-27 11:15 . 2009-03-08 02:32 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll + 2009-08-27 11:13 . 2009-07-18 16:03 3090432 c:\windows\ie8\mshtml.dll + 2009-08-27 11:19 . 2009-08-27 11:19 1921024 c:\windows\ERDNT\AutoBackup\27-08-09\Users\00000001\NTUSER.DAT + 2009-08-27 11:17 . 2009-08-27 11:17 1794048 c:\windows\ERDNT\27-08-09_apres IE8etRelicaltsXP3\Users\00000001\NTUSER.DAT + 2009-08-27 09:51 . 2009-08-27 09:51 1773568 c:\windows\ERDNT\27-08-09_1150\Users\00000001\NTUSER.DAT + 2009-08-27 08:41 . 2009-08-27 08:41 1765376 c:\windows\ERDNT\27-08-09\Users\00000001\NTUSER.DAT + 2009-03-08 02:39 . 2009-07-19 16:45 11067392 c:\windows\system32\ieframe.dll + 2009-08-27 11:15 . 2009-03-08 02:39 11063808 c:\windows\ie8updates\KB972260-IE8\ieframe.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "Process Explorer"="d:\securite\Outils\ProcessExplorer\procexp.exe" [2009-08-22 3550592] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568] "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064] "IntelWireless"="c:\program files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 1468296] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-22 30192] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-28 1626112] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-04-28 67584] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] c:\documents and settings\FG\Menu D‚marrer\Programmes\D‚marrage\ ERUNT AutoBackup.lnk - c:\program files\ERDNT_FG\AUTOBACK.EXE [2005-10-20 38912] OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "cmdAgent"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop 
Search\GoogleDesktop.exe [22-08-09 14:38 30192] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-28 15:43] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.fr/ uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\FG\Application Data\Mozilla\Firefox\Profiles\qfiarvk4.default\ FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-27 18:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(960) c:\windows\system32\netprovcredman.dll - - - - - - - > 'explorer.exe'(3148) c:\windows\system32\webcheck.dll c:\windows\system32\eappprxy.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\WiFi\bin\S24EvMon.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe c:\program files\Intel\WiFi\bin\WLKEEPER.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\Microsoft IntelliPoint\dpupdchk.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Apoint\hidfind.exe c:\program files\Apoint\ApntEx.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Completion time: 2009-08-27 18:09 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-27 16:09 ComboFix2.txt 2009-08-27 10:36 ComboFix3.txt 2009-08-26 17:38 Pre-Run: 82 752 847 872 octets libres Post-Run: 82 719 350 784 octets libres 544 --- E O F --- 2009-08-26 20:19
  12. Hello Angelique, last night after posting the ComboFix report I thought things were on the mend, but this morning on restarting I lost my connection again, along with the ability to restore the registry. It would have been too easy otherwise! How can I stop this "thing" from continuing to wreak havoc? Thanks
  13. ComboFix 09-08-26.03 - FG 26-08-09 19:29.1.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.2656 [GMT 2:00] Running from: c:\documents and settings\FG\Bureau\ComboFix.exe AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\FG\Bureau\SystemLook.exe H:\explorer.exe . ((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 ))))))))))))))))))))))))))))))) . 2009-08-26 12:52 . 2009-08-26 12:52 -------- d-----w- c:\windows\system32\fr-fr 2009-08-26 12:52 . 2009-08-26 12:52 -------- d-----w- c:\windows\l2schemas 2009-08-26 12:52 . 2009-08-26 12:52 -------- d-----w- c:\windows\system32\fr 2009-08-26 12:02 . 2009-08-26 12:02 152576 ----a-w- c:\documents and settings\FG\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-26 04:12 . 2009-08-26 04:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel 2009-08-26 04:12 . 2009-08-26 04:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel 2009-08-26 04:12 . 2009-08-26 04:12 -------- d-----w- c:\documents and settings\FG\Application Data\Intel 2009-08-26 04:12 . 2009-08-26 04:12 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel 2009-08-26 04:11 . 2008-06-20 08:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll 2009-08-26 04:11 . 2008-08-28 21:34 3632384 ----a-w- c:\windows\system32\drivers\NETw5x32.sys 2009-08-26 04:11 . 2008-06-20 08:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll 2009-08-26 04:09 . 2009-08-26 04:09 -------- d-----w- c:\program files\Fichiers communs\Intel 2009-08-26 04:09 . 
2009-08-26 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel 2009-08-25 09:16 . 2009-08-25 09:16 -------- d-----w- c:\documents and settings\FG\Application Data\Dell 2009-08-25 09:16 . 2009-08-25 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell 2009-08-25 07:05 . 2009-08-25 07:05 -------- d-----w- c:\program files\Broadcom 2009-08-25 06:41 . 2006-10-17 09:55 1711104 ----a-w- c:\windows\system32\drivers\NETw3x32.sys 2009-08-25 06:18 . 2009-08-25 06:33 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe 2009-08-23 15:13 . 2009-08-23 15:13 -------- d-----w- c:\documents and settings\FG\Application Data\Malwarebytes 2009-08-23 15:13 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-23 15:13 . 2009-08-23 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-23 15:13 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-23 15:13 . 2009-08-23 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-23 11:11 . 2009-06-11 03:38 167936 ----a-w- c:\documents and settings\FG\Application Data\Thunderbird\Profiles\m6z5bo6o.default\extensions\{847b3a00-7ab1-11d4-8f02-006008948af5}\platform\WINNT_x86-msvc\components\enigmime-x86-msvc.dll 2009-08-23 11:11 . 2008-09-17 18:39 139264 ----a-w- c:\documents and settings\FG\Application Data\Thunderbird\Profiles\m6z5bo6o.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll 2009-08-23 09:22 . 2009-08-23 09:22 -------- d-----w- C:\getservice 2009-08-23 05:10 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys 2009-08-23 05:10 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys 2009-08-23 05:10 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys 2009-08-23 05:10 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys 2009-08-23 05:10 . 
2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys 2009-08-23 05:10 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys 2009-08-23 05:10 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys 2009-08-23 05:10 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys 2009-08-23 05:10 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys 2009-08-23 05:10 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys 2009-08-23 05:10 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys 2009-08-23 05:08 . 2009-08-23 05:08 -------- d-----w- c:\program files\CONEXANT 2009-08-23 04:55 . 2007-05-10 08:22 405504 ----a-w- c:\windows\stsystra.exe 2009-08-23 04:55 . 2007-04-10 15:02 1601536 ----a-w- c:\windows\system32\stlang.dll 2009-08-23 04:55 . 2008-04-14 02:33 4096 ----a-w- c:\windows\system32\ksuser.dll 2009-08-23 04:55 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys 2009-08-23 04:49 . 2007-05-10 08:24 1222840 ----a-w- c:\windows\system32\drivers\sthda.sys 2009-08-23 04:49 . 2007-05-10 08:23 270336 ----a-w- c:\windows\system32\stacapi.dll 2009-08-23 04:49 . 2009-08-23 04:49 -------- d-----w- c:\program files\SigmaTel 2009-08-23 04:49 . 2007-08-21 07:58 146944 ----a-w- c:\windows\system32\st325602.dll 2009-08-23 04:00 . 2009-08-23 04:00 -------- d-s---w- c:\documents and settings\FG\UserData 2009-08-23 03:44 . 2009-08-26 03:39 -------- d-----w- c:\program files\Dell 2009-08-23 03:44 . 2009-08-23 03:44 -------- d-----w- c:\windows\system32\Dell 2009-08-22 15:30 . 2008-04-14 02:34 259072 -c----w- c:\windows\system32\dllcache\msnetobj.dll 2009-08-22 14:17 . 2009-08-23 11:57 1 ----a-w- c:\documents and settings\FG\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-08-22 14:16 . 2009-08-22 14:16 -------- d-----w- c:\documents and settings\FG\Application Data\OpenOffice.org 2009-08-22 13:53 . 
2008-04-14 02:33 221184 ----a-w- c:\windows\system32\wmpns.dll 2009-08-22 13:50 . 2009-08-22 13:50 -------- d-----w- c:\program files\MSXML 4.0 2009-08-22 13:06 . 2009-06-11 03:38 167936 ----a-w- c:\documents and settings\FG\Application Data\Thunderbird\Profiles\zfbaah86.default\extensions\{847b3a00-7ab1-11d4-8f02-006008948af5}\platform\WINNT_x86-msvc\components\enigmime-x86-msvc.dll 2009-08-22 13:06 . 2008-09-17 18:39 139264 ----a-w- c:\documents and settings\FG\Application Data\Thunderbird\Profiles\zfbaah86.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll 2009-08-22 12:38 . 2009-08-22 12:38 -------- d-----w- c:\documents and settings\FG\Local Settings\Application Data\Google 2009-08-22 12:38 . 2009-08-22 12:38 -------- d-----w- c:\program files\Google 2009-08-22 12:36 . 2009-08-22 12:36 -------- d-----w- c:\program files\JRE 2009-08-22 12:36 . 2009-08-22 12:36 -------- d-----w- c:\program files\OpenOffice.org 3 2009-08-22 12:36 . 2009-07-25 03:23 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-22 12:36 . 2009-08-26 12:03 -------- d-----w- c:\program files\Java 2009-08-22 12:08 . 2009-08-22 12:08 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-08-22 09:04 . 2008-06-14 17:33 272768 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-08-22 09:03 . 2009-02-09 11:24 2191104 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-08-22 09:03 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-08-22 09:03 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll 2009-08-22 09:03 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe 2009-08-22 09:03 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-08-22 09:03 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-08-22 09:03 . 2009-02-09 10:53 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2009-08-22 09:03 . 
2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-08-22 09:03 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-08-22 09:03 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-08-22 09:03 . 2009-02-09 11:23 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-08-22 09:03 . 2009-02-09 11:23 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-08-22 09:00 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-08-22 09:00 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-08-22 09:00 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys 2009-08-22 09:00 . 2008-05-01 14:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll 2009-08-22 09:00 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-22 09:00 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-08-22 09:00 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-08-22 08:59 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll 2009-08-22 08:59 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll 2009-08-22 08:59 . 2008-10-03 10:03 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll 2009-08-22 08:59 . 2008-10-15 16:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-08-22 08:54 . 2009-05-28 15:43 27792 ----a-w- c:\windows\system32\drivers\point32.sys 2009-08-22 08:54 . 2009-08-22 08:54 -------- d-----w- c:\program files\Microsoft IntelliPoint 2009-08-22 08:54 . 2009-08-22 08:54 -------- d-----w- c:\program files\MSXML 6.0 2009-08-22 08:53 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll 2009-08-22 08:53 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll 2009-08-22 08:19 . 
2005-09-28 18:57 113847 ----a-r- c:\windows\system32\drivers\Apfiltr.sys 2009-08-22 08:19 . 2005-03-04 18:31 95511 ----a-r- c:\windows\system32\Vxdif.dll 2009-08-20 10:34 . 2009-08-20 10:34 -------- d-----w- c:\documents and settings\FG\Local Settings\Application Data\COMODO 2009-08-20 10:25 . 2009-08-20 10:25 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel 2009-08-20 10:23 . 2009-08-26 04:11 -------- dc----w- c:\windows\system32\DRVSTORE 2009-08-20 10:23 . 2009-08-26 04:09 -------- d-----w- c:\program files\Intel 2009-08-20 10:13 . 2009-08-20 10:13 0 ----a-w- c:\windows\nsreg.dat 2009-08-20 10:13 . 2009-08-20 10:13 -------- d-----w- c:\documents and settings\FG\Local Settings\Application Data\Mozilla 2009-08-20 09:35 . 2009-08-26 17:34 33632 ----a-w- c:\windows\system32\drivers\sfi.dat 2009-08-20 09:27 . 2009-08-20 09:27 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-08-20 09:19 . 2009-08-20 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo 2009-08-20 09:19 . 2009-08-20 09:19 86976 ----a-w- c:\windows\system32\drivers\inspect.sys 2009-08-20 09:19 . 2009-08-20 09:19 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2009-08-20 09:19 . 2009-08-20 09:19 179792 ----a-w- c:\windows\system32\guard32.dll 2009-08-20 09:19 . 2009-08-20 09:19 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2009-08-20 09:19 . 2009-08-20 09:19 -------- d-----w- c:\program files\COMODO 2009-08-20 08:41 . 2009-08-22 12:40 17672 ----a-w- c:\documents and settings\FG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 08:40 . 2009-08-20 08:40 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer 2009-08-20 08:40 . 2009-08-26 12:54 -------- d-----w- c:\windows\system32\wbem\AutoRecover 2009-08-20 08:27 . 2009-08-26 12:52 -------- d-----w- c:\windows\peernet 2009-08-20 08:27 . 2009-08-20 08:27 -------- d-----w- c:\windows\provisioning 2009-08-20 08:26 . 
2009-08-20 08:26 -------- d-----w- c:\windows\ServicePackFiles 2009-08-20 08:24 . 2009-08-26 12:53 -------- d-----w- c:\windows\EHome 2009-08-20 07:52 . 2008-04-13 17:34 11264 ------w- c:\windows\system32\spnpinst.exe 2009-08-20 07:52 . 2004-08-02 12:20 4569 ------w- c:\windows\system32\secupd.dat 2009-08-20 07:41 . 2008-04-14 02:33 1097728 ----a-w- c:\windows\system32\esent.dll 2009-08-20 07:32 . 2009-08-26 12:52 -------- d-----w- c:\windows\system32\bits 2009-08-20 07:32 . 2007-08-10 06:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe 2009-08-20 07:32 . 2009-08-23 12:10 -------- d--h--w- c:\windows\$hf_mig$ 2009-08-20 07:31 . 2008-12-16 12:31 354304 ----a-w- c:\windows\system32\winhttp.dll 2009-08-20 07:31 . 2008-04-14 02:33 18944 ----a-w- c:\windows\system32\qmgrprxy.dll 2009-08-20 07:31 . 2008-04-14 02:33 8192 ------w- c:\windows\system32\bitsprx2.dll 2009-08-20 07:31 . 2008-04-14 02:33 7168 ------w- c:\windows\system32\bitsprx3.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-26 17:28 . 2002-08-30 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-26 17:28 . 2002-08-30 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-26 12:56 . 2009-08-19 06:52 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2009-08-26 05:24 . 2009-08-22 05:55 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-08-25 09:16 . 2009-08-22 08:19 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-23 10:59 . 2009-08-22 05:55 -------- d-----w- c:\documents and settings\FG\Application Data\Thunderbird 2009-08-22 08:19 . 2009-08-22 08:19 -------- d-----w- c:\program files\Apoint 2009-08-22 08:19 . 2009-08-20 10:35 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2009-08-22 06:03 . 2009-08-22 06:03 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-22 05:56 . 
2009-08-22 05:56 -------- d-----w- c:\documents and settings\FG\Application Data\Talkback 2009-08-21 08:43 . 2009-08-20 10:36 31740 ----a-w- c:\windows\system32\nvModes.dat 2009-08-19 06:52 . 2009-08-19 06:52 -------- d-----w- c:\program files\microsoft frontpage 2009-08-19 06:52 . 2009-08-19 06:52 2678 ----a-w- c:\windows\java\Packages\Data\U9B9BDRP.DAT 2009-08-19 06:52 . 2009-08-19 06:52 558142 ----a-w- c:\windows\java\Packages\MVH3JXNB.ZIP 2009-08-19 06:52 . 2009-08-19 06:52 2678 ----a-w- c:\windows\java\Packages\Data\1FHRDVBL.DAT 2009-08-19 06:52 . 2009-08-19 06:52 2678 ----a-w- c:\windows\java\Packages\Data\ETZTZLB7.DAT 2009-08-19 06:52 . 2009-08-19 06:52 2678 ----a-w- c:\windows\java\Packages\Data\6WRLBNRX.DAT 2009-08-19 06:52 . 2009-08-19 06:52 2678 ----a-w- c:\windows\java\Packages\Data\28IAYBNR.DAT 2009-08-19 06:52 . 2009-08-19 06:52 155995 ----a-w- c:\windows\java\Packages\ERRVBXB9.ZIP 2009-08-19 06:49 . 2009-08-19 06:49 21892 ----a-w- c:\windows\system32\emptyregdb.dat 2009-08-19 06:49 . 2009-08-19 06:49 -------- d-----w- c:\program files\Services en ligne 2009-08-05 09:00 . 2002-08-30 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 04:35 . 2002-08-30 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:35 . 2002-08-30 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-17 19:03 . 2002-08-30 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-06-26 16:50 . 2006-06-23 11:28 670720 ----a-w- c:\windows\system32\wininet.dll 2009-06-26 16:50 . 2004-08-19 23:09 81920 ------w- c:\windows\system32\ieencode.dll 2009-06-25 18:36 . 2002-08-30 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2002-08-30 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2002-08-30 12:00 527360 ----a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2002-08-30 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 
2002-08-30 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2002-08-30 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll 2009-06-25 18:36 . 2002-08-30 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll 2009-06-25 18:36 . 2002-08-30 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll 2009-06-25 18:36 . 2002-08-30 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll 2009-06-25 18:36 . 2002-08-30 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll 2009-06-25 18:36 . 2002-08-30 12:00 16896 ----a-w- c:\windows\system32\mqise.dll 2009-06-25 18:36 . 2002-08-30 12:00 138240 ----a-w- c:\windows\system32\mqad.dll 2009-06-22 11:49 . 2002-08-30 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe 2009-06-22 11:49 . 2002-08-30 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe 2009-06-22 11:49 . 2002-08-30 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe 2009-06-22 11:48 . 2002-08-30 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys 2009-06-15 10:44 . 2002-08-30 12:00 78848 ----a-w- c:\windows\system32\telnet.exe 2009-06-15 10:44 . 2002-08-30 12:00 82944 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-10 14:14 . 2002-08-30 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:15 . 2002-08-30 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:10 . 2002-08-30 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll 2009-08-22 12:38 . 2009-08-22 12:38 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-08-20 1793808] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 1468296] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-22 30192] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064] "IntelWireless"="c:\program files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-28 1626112] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-04-28 67584] c:\documents and settings\FG\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [20-08-09 11:19 132040] R1 cmdHlp;COMODO Internet Security Helper 
Driver;c:\windows\system32\drivers\cmdhlp.sys [20-08-09 11:19 25160] S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22-08-09 14:38 30192] S3 JFK;JFK;c:\docume~1\FG\LOCALS~1\Temp\JFK.exe --> c:\docume~1\FG\LOCALS~1\Temp\JFK.exe [?] . Contents of the 'Scheduled Tasks' folder 2009-08-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-28 15:43] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.fr/ uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s TCP: {8F53B181-17C8-403C-BADA-729ADA27F8A8} = 192.168.1.1 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\FG\Application Data\Mozilla\Firefox\Profiles\qfiarvk4.default\ FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-26 19:35 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1080) c:\windows\system32\netprovcredman.dll - - - - - - - > 'explorer.exe'(2972) c:\windows\system32\eappprxy.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\COMODO\COMODO Internet Security\cmdagent.exe c:\program files\Intel\WiFi\bin\S24EvMon.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe c:\program files\Intel\WiFi\bin\WLKEEPER.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\Apoint\hidfind.exe c:\program files\Apoint\ApntEx.exe c:\program files\Microsoft IntelliPoint\dpupdchk.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Completion time: 2009-08-26 19:38 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-26 17:38 Pre-Run: 77 492 862 976 octets libres Post-Run: 77 451 751 424 octets libres 330 --- E O F --- 2009-08-26 13:04
  14. Angelique, I had a working connection from this morning until I agreed to download an update from Microsoft, or from something passing itself off as Microsoft!? In the time it took for that update to install, the connection went away, and it has not come back since. I wanted to use SystemLook again, which this morning had let me retrieve this information:

      SystemLook v1.0 by jpshortstuff (18.05.09)
      Log created at 06:36 on 26/08/2009 by FG (Administrator - Elevation successful)
      ========== reg ==========
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards]
      (No values found)
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\11]
      "Description"="Intel® PRO/Wireless 3945ABG Network Connection"
      "ServiceName"="{941A5333-EF98-4271-A520-D1B2A34BF662}"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\15]
      "Description"="Broadcom NetXtreme 57xx Gigabit Controller"
      "ServiceName"="{8F53B181-17C8-403C-BADA-729ADA27F8A8}"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\3]
      "Description"="Carte réseau 1394"
      "ServiceName"="{EF46FE50-9DF3-4790-B23B-E4F2164163DB}"
      -=End Of File=-

      but since then I can no longer type in the SystemLook window, as if something were making it partially inoperative. In fact, to tell you what I really think (and to understand it properly you have to read the thread from the beginning), I still have at least one active virus, since as soon as I open Firefox or IE I get up to 90 active outgoing connections. They are also established via svchost.exe. On my desktop PC, the one I am writing to you from, I have the same thing, but in addition these connections also appear with Skype or Msn. Comodo detected and quarantined:

      Backdoor.Win32.Agent.ahuv@24376020
      TrojWare.Win32.TrojanDownloader.IstBar.~L@25568999
      Application.Win32.WinVNC.~B@12028414

      I thought I would have some peace... but my connection has once again come up on 169.254.179.168. So I tried to force my card's hand by giving it an address manually, as you showed me above, but then, surprise: the laptop shows 192.168.1.20, and in the ISP box I do see the card's address but the IP appears as undefined. So I am asking for your help and/or Apollo's to eradicate this virus. Thanks
  15. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 09:36:55, on 26-08-09
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
      C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
      C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
      C:\Program Files\Apoint\HidFind.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
      C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
      C:\WINDOWS\System32\wbem\wmiapsrv.exe
      C:\WINDOWS\System32\wbem\unsecapp.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      D:\SECURITE\OUTILS\PROCESSEXPLORER\PROCEXP.EXE
      C:\WINDOWS\notepad.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\WINDOWS\regedit.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\FG\Bureau\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
      O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
      O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
      O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
      O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
      O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
      O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
      O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
      O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

      -- End of file - 5540 bytes