Everything posted by frefranat

  1. Hello, I have been trying for several days to understand why a program that I have already reinstalled several times does not use the versions of the DLLs in its installation folder. I took a closer look at my system and found some strange things there, such as C:\WINDOWS\system32\SHELL32.dll.124.Manifest, as well as folders that disappeared once selected and files such as ISwift3.dat that cannot be deleted in the System Volume Information folder, apart from the restore file. Can anyone help me? Thanks
  2. Hello, I have just run ZHP, which reports the following in the MD5 search:
     O71 - BDRI:[hklm\software\microsoft\windows\currentversion\run]:avp
     O71 - BDRI:[hklm\software\classes\clsid\{9461b922-3c5a-11d2-bf8b-00c04fb93661}]
     O71 - BDRI:[hklm\software\classes\clsid\{47c6c527-6204-4f91-849d-66e234dee015}]
     O71 - BDRI:[hklm\software\classes\typelib\{eca4e801-17ae-4863-9f5c-af4047aabee0}]
     O71 - BDRI:[hkcu\software\microsoft\windows\currentversion\internet settings\zones\]
     After some searching on the web, it seems that a virus is the cause. Does anyone have more details for me? Thanks
  3. Hello, nothing was found, but what does "(!) Cet ordinateur n'est pas vacciné!" mean? Thanks
     ############################## | UsbFix 7.014 | [Recherche]
     Utilisateur: FG (Administrateur) # PC-CEM [ ]
     Mis à jour le 24/06/10 par El Desaparecido / C_XX
     Lancé à 14:03:27 | 27/06/2010
     Site Web: Bienvenue dans nos Pages Persos
     Contact: FindyKill.Contact@gmail.com
     CPU: Genuine Intel® CPU T2500 @ 2.00GHz
     CPU 2: Genuine Intel® CPU T2500 @ 2.00GHz
     Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
     Internet Explorer 8.0.6001.18702
     Pare-feu Windows: Désactivé /!\
     Antivirus: Kaspersky PURE 9.0.0.192 [Enabled | Updated]
     Firewall: Kaspersky PURE 9.0.0.192 [Enabled]
     RAM -> 3326 Mo
     C:\ (%systemdrive%) -> Disque fixe # 98 Go (72 Go libre(s) - 74%) [] # NTFS
     D:\ -> Disque fixe # 195 Go (181 Go libre(s) - 93%) [Eism] # NTFS
     E:\ -> Disque fixe # 173 Go (156 Go libre(s) - 90%) [] # NTFS
     F:\ -> CD-ROM
     G:\ -> Disque fixe # 75 Go (29 Go libre(s) - 38%) [] # NTFS
     I:\ -> Disque amovible # 4 Go (3 Go libre(s) - 78%) [uSB 4GO] # FAT32
     ################## | Éléments infectieux |
     ################## | Registre |
     Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
     ################## | Mountpoints2 |
     ################## | Vaccin |
     (!) Cet ordinateur n'est pas vacciné!
     ################## | E.O.F |
  4. Hello, the MBAM report: Cijoint.fr - free file-hosting service; the RSIT info report: Cijoint.fr - free file-hosting service; the RSIT log: Cijoint.fr - free file-hosting service. Thanks for your help. Regards
  5. Hello, for the past few days my mouse has been stopping often; Toshiba's Bluetooth Manager no longer works; the touchpad is no longer active when I disconnect the mouse; Kaspersky deleted SpyWebcam.exe. But I still have strange executables such as ifinst27.exe and rcimlby.exe that are impossible to delete; they come back immediately after deletion. Thanks for helping me
  6. Hello, I would like to identify an audio file that is played from time to time by the sound card, because it is a nuisance. It is played at random, and I do not know where it comes from. I would describe it as two successive hissing sounds lasting 0.5 s each, one second apart. I have already heard it on a PC other than mine, and its owner had no further explanation to give me. Does anyone know it? Thanks
  7. Hello Angelique, I still cannot get rid of this virus. Can you help me?
  8. Hello Angelique,
     C:\RECYCLER\S-1-5-21-1275210071-515967899-839522115-1003\Dc3.zip Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
     C:\RECYCLER\S-1-5-21-1275210071-515967899-839522115-1003\Dc32\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
     I suppose these are false positives. I am currently looking at the contents of the host services, and in particular Netsvcs: 6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt TermService wuauserv BITS ShellHWDetection helpsvc xmlprov wscsvc WmdmPmSN napagent hkmsvc
  9. Hello Angelique, I know I am paranoid. OK, let's move on to something else if you like. Why can't I run an online scan with Kaspersky? Thanks
  10. Angélique, after all that, I still have more than 50 outgoing connections when I open Firefox. Also, I would now like, if possible, to recover the data that is on the infested disk, which I have moved to an external drive. However, the data is encrypted. Can you help me? Thanks
  11. ComboFix 09-08-26.05 - FG 27-08-09 18:02.3.2 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.2720 [GMT 2:00]
      Running from: c:\documents and settings\FG\Bureau\ComboFix.exe
      Command switches used :: c:\documents and settings\FG\Bureau\CFScript.txt
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Legacy_JFK
      -------\Service_JFK
2009-08-27 11:19 172032 c:\windows\ERDNT\AutoBackup\27-08-09\Users\00000002\UsrClass.dat + 2009-08-27 11:19 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\27-08-09\ERDNT.EXE + 2009-08-27 11:17 . 2009-08-27 11:17 172032 c:\windows\ERDNT\27-08-09_apres IE8etRelicaltsXP3\Users\00000002\UsrClass.dat + 2009-08-27 11:17 . 2005-10-20 10:02 163328 c:\windows\ERDNT\27-08-09_apres IE8etRelicaltsXP3\ERDNT.EXE + 2009-08-27 09:51 . 2009-08-27 09:51 172032 c:\windows\ERDNT\27-08-09_1150\Users\00000002\UsrClass.dat + 2009-08-27 09:51 . 2005-10-20 10:02 163328 c:\windows\ERDNT\27-08-09_1150\ERDNT.EXE + 2009-08-27 08:41 . 2009-08-27 08:41 172032 c:\windows\ERDNT\27-08-09\Users\00000002\UsrClass.dat + 2009-08-27 08:41 . 2005-10-20 10:02 163328 c:\windows\ERDNT\27-08-09\ERDNT.EXE + 2002-08-30 12:00 . 2008-11-07 14:45 2174976 c:\windows\system32\WMVCore.dll + 2004-08-19 23:09 . 2009-07-12 10:21 4874240 c:\windows\system32\wmp.dll - 2004-08-19 23:09 . 2008-04-14 02:33 4874240 c:\windows\system32\wmp.dll + 2002-08-30 12:00 . 2008-06-10 04:11 1053696 c:\windows\system32\WMNetmgr.dll + 2006-08-31 05:56 . 2009-07-03 16:57 1208832 c:\windows\system32\urlmon.dll + 2006-06-30 08:52 . 2009-07-19 13:15 5937152 c:\windows\system32\mshtml.dll + 2009-03-08 02:32 . 2009-07-03 16:57 1985536 c:\windows\system32\iertutil.dll + 2009-02-06 19:07 . 2009-02-06 19:07 3698584 c:\windows\system32\ieapfltr.dat + 2008-11-07 16:32 . 2008-11-07 14:45 2174976 c:\windows\system32\dllcache\WMVCore.dll + 2009-07-13 00:18 . 2009-07-12 10:21 4874240 c:\windows\system32\dllcache\wmp.dll - 2009-07-13 00:18 . 2008-04-14 02:33 4874240 c:\windows\system32\dllcache\wmp.dll + 2008-06-10 16:18 . 2008-06-10 04:11 1053696 c:\windows\system32\dllcache\WMNetmgr.dll + 2009-06-26 16:50 . 2009-07-03 16:57 1208832 c:\windows\system32\dllcache\urlmon.dll + 2009-07-18 16:03 . 2009-07-19 13:15 5937152 c:\windows\system32\dllcache\mshtml.dll + 2009-01-07 16:21 . 
2009-01-07 16:21 1022976 c:\windows\system32\dllcache\browseui.dll + 2009-08-27 11:15 . 2009-03-08 02:34 1206784 c:\windows\ie8updates\KB972260-IE8\urlmon.dll + 2009-08-27 11:15 . 2009-03-08 02:41 5937152 c:\windows\ie8updates\KB972260-IE8\mshtml.dll + 2009-08-27 11:15 . 2009-03-08 02:32 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll + 2009-08-27 11:13 . 2009-07-18 16:03 3090432 c:\windows\ie8\mshtml.dll + 2009-08-27 11:19 . 2009-08-27 11:19 1921024 c:\windows\ERDNT\AutoBackup\27-08-09\Users\00000001\NTUSER.DAT + 2009-08-27 11:17 . 2009-08-27 11:17 1794048 c:\windows\ERDNT\27-08-09_apres IE8etRelicaltsXP3\Users\00000001\NTUSER.DAT + 2009-08-27 09:51 . 2009-08-27 09:51 1773568 c:\windows\ERDNT\27-08-09_1150\Users\00000001\NTUSER.DAT + 2009-08-27 08:41 . 2009-08-27 08:41 1765376 c:\windows\ERDNT\27-08-09\Users\00000001\NTUSER.DAT + 2009-03-08 02:39 . 2009-07-19 16:45 11067392 c:\windows\system32\ieframe.dll + 2009-08-27 11:15 . 2009-03-08 02:39 11063808 c:\windows\ie8updates\KB972260-IE8\ieframe.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "Process Explorer"="d:\securite\Outils\ProcessExplorer\procexp.exe" [2009-08-22 3550592] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568] "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064] "IntelWireless"="c:\program files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 1468296] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-22 30192] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-28 1626112] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-04-28 67584] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] c:\documents and settings\FG\Menu D‚marrer\Programmes\D‚marrage\ ERUNT AutoBackup.lnk - c:\program files\ERDNT_FG\AUTOBACK.EXE [2005-10-20 38912] OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "cmdAgent"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop 
Search\GoogleDesktop.exe [22-08-09 14:38 30192] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-28 15:43] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.fr/ uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\FG\Application Data\Mozilla\Firefox\Profiles\qfiarvk4.default\ FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-27 18:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(960) c:\windows\system32\netprovcredman.dll - - - - - - - > 'explorer.exe'(3148) c:\windows\system32\webcheck.dll c:\windows\system32\eappprxy.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\WiFi\bin\S24EvMon.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe c:\program files\Intel\WiFi\bin\WLKEEPER.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\Microsoft IntelliPoint\dpupdchk.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Apoint\hidfind.exe c:\program files\Apoint\ApntEx.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Completion time: 2009-08-27 18:09 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-27 16:09 ComboFix2.txt 2009-08-27 10:36 ComboFix3.txt 2009-08-26 17:38 Pre-Run: 82 752 847 872 octets libres Post-Run: 82 719 350 784 octets libres 544 --- E O F --- 2009-08-26 20:19
  12. Hello Angelique, last night after posting the ComboFix report I thought things were on the mend, but this morning on restarting I lost my connection again, along with the ability to restore the registry. It would have been too simple otherwise! How can I stop the "thing" from continuing to wreak havoc? Thanks
  13. ComboFix 09-08-26.03 - FG 26-08-09 19:29.1.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.2656 [GMT 2:00] Running from: c:\documents and settings\FG\Bureau\ComboFix.exe AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\FG\Bureau\SystemLook.exe H:\explorer.exe . ((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 ))))))))))))))))))))))))))))))) . 2009-08-26 12:52 . 2009-08-26 12:52 -------- d-----w- c:\windows\system32\fr-fr 2009-08-26 12:52 . 2009-08-26 12:52 -------- d-----w- c:\windows\l2schemas 2009-08-26 12:52 . 2009-08-26 12:52 -------- d-----w- c:\windows\system32\fr 2009-08-26 12:02 . 2009-08-26 12:02 152576 ----a-w- c:\documents and settings\FG\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-26 04:12 . 2009-08-26 04:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel 2009-08-26 04:12 . 2009-08-26 04:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel 2009-08-26 04:12 . 2009-08-26 04:12 -------- d-----w- c:\documents and settings\FG\Application Data\Intel 2009-08-26 04:12 . 2009-08-26 04:12 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel 2009-08-26 04:11 . 2008-06-20 08:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll 2009-08-26 04:11 . 2008-08-28 21:34 3632384 ----a-w- c:\windows\system32\drivers\NETw5x32.sys 2009-08-26 04:11 . 2008-06-20 08:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll 2009-08-26 04:09 . 2009-08-26 04:09 -------- d-----w- c:\program files\Fichiers communs\Intel 2009-08-26 04:09 . 
2009-08-26 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel 2009-08-25 09:16 . 2009-08-25 09:16 -------- d-----w- c:\documents and settings\FG\Application Data\Dell 2009-08-25 09:16 . 2009-08-25 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell 2009-08-25 07:05 . 2009-08-25 07:05 -------- d-----w- c:\program files\Broadcom 2009-08-25 06:41 . 2006-10-17 09:55 1711104 ----a-w- c:\windows\system32\drivers\NETw3x32.sys 2009-08-25 06:18 . 2009-08-25 06:33 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe 2009-08-23 15:13 . 2009-08-23 15:13 -------- d-----w- c:\documents and settings\FG\Application Data\Malwarebytes 2009-08-23 15:13 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-23 15:13 . 2009-08-23 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-23 15:13 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-23 15:13 . 2009-08-23 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-23 11:11 . 2009-06-11 03:38 167936 ----a-w- c:\documents and settings\FG\Application Data\Thunderbird\Profiles\m6z5bo6o.default\extensions\{847b3a00-7ab1-11d4-8f02-006008948af5}\platform\WINNT_x86-msvc\components\enigmime-x86-msvc.dll 2009-08-23 11:11 . 2008-09-17 18:39 139264 ----a-w- c:\documents and settings\FG\Application Data\Thunderbird\Profiles\m6z5bo6o.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll 2009-08-23 09:22 . 2009-08-23 09:22 -------- d-----w- C:\getservice 2009-08-23 05:10 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys 2009-08-23 05:10 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys 2009-08-23 05:10 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys 2009-08-23 05:10 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys 2009-08-23 05:10 . 
2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys 2009-08-23 05:10 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys 2009-08-23 05:10 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys 2009-08-23 05:10 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys 2009-08-23 05:10 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys 2009-08-23 05:10 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys 2009-08-23 05:10 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys 2009-08-23 05:08 . 2009-08-23 05:08 -------- d-----w- c:\program files\CONEXANT 2009-08-23 04:55 . 2007-05-10 08:22 405504 ----a-w- c:\windows\stsystra.exe 2009-08-23 04:55 . 2007-04-10 15:02 1601536 ----a-w- c:\windows\system32\stlang.dll 2009-08-23 04:55 . 2008-04-14 02:33 4096 ----a-w- c:\windows\system32\ksuser.dll 2009-08-23 04:55 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys 2009-08-23 04:49 . 2007-05-10 08:24 1222840 ----a-w- c:\windows\system32\drivers\sthda.sys 2009-08-23 04:49 . 2007-05-10 08:23 270336 ----a-w- c:\windows\system32\stacapi.dll 2009-08-23 04:49 . 2009-08-23 04:49 -------- d-----w- c:\program files\SigmaTel 2009-08-23 04:49 . 2007-08-21 07:58 146944 ----a-w- c:\windows\system32\st325602.dll 2009-08-23 04:00 . 2009-08-23 04:00 -------- d-s---w- c:\documents and settings\FG\UserData 2009-08-23 03:44 . 2009-08-26 03:39 -------- d-----w- c:\program files\Dell 2009-08-23 03:44 . 2009-08-23 03:44 -------- d-----w- c:\windows\system32\Dell 2009-08-22 15:30 . 2008-04-14 02:34 259072 -c----w- c:\windows\system32\dllcache\msnetobj.dll 2009-08-22 14:17 . 2009-08-23 11:57 1 ----a-w- c:\documents and settings\FG\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-08-22 14:16 . 2009-08-22 14:16 -------- d-----w- c:\documents and settings\FG\Application Data\OpenOffice.org 2009-08-22 13:53 . 
2008-04-14 02:33 221184 ----a-w- c:\windows\system32\wmpns.dll 2009-08-22 13:50 . 2009-08-22 13:50 -------- d-----w- c:\program files\MSXML 4.0 2009-08-22 13:06 . 2009-06-11 03:38 167936 ----a-w- c:\documents and settings\FG\Application Data\Thunderbird\Profiles\zfbaah86.default\extensions\{847b3a00-7ab1-11d4-8f02-006008948af5}\platform\WINNT_x86-msvc\components\enigmime-x86-msvc.dll 2009-08-22 13:06 . 2008-09-17 18:39 139264 ----a-w- c:\documents and settings\FG\Application Data\Thunderbird\Profiles\zfbaah86.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll 2009-08-22 12:38 . 2009-08-22 12:38 -------- d-----w- c:\documents and settings\FG\Local Settings\Application Data\Google 2009-08-22 12:38 . 2009-08-22 12:38 -------- d-----w- c:\program files\Google 2009-08-22 12:36 . 2009-08-22 12:36 -------- d-----w- c:\program files\JRE 2009-08-22 12:36 . 2009-08-22 12:36 -------- d-----w- c:\program files\OpenOffice.org 3 2009-08-22 12:36 . 2009-07-25 03:23 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-22 12:36 . 2009-08-26 12:03 -------- d-----w- c:\program files\Java 2009-08-22 12:08 . 2009-08-22 12:08 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-08-22 09:04 . 2008-06-14 17:33 272768 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-08-22 09:03 . 2009-02-09 11:24 2191104 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-08-22 09:03 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-08-22 09:03 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll 2009-08-22 09:03 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe 2009-08-22 09:03 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-08-22 09:03 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-08-22 09:03 . 2009-02-09 10:53 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2009-08-22 09:03 . 
2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-08-22 09:03 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-08-22 09:03 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-08-22 09:03 . 2009-02-09 11:23 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-08-22 09:03 . 2009-02-09 11:23 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-08-22 09:00 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-08-22 09:00 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-08-22 09:00 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys 2009-08-22 09:00 . 2008-05-01 14:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll 2009-08-22 09:00 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-22 09:00 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-08-22 09:00 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-08-22 08:59 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll 2009-08-22 08:59 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll 2009-08-22 08:59 . 2008-10-03 10:03 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll 2009-08-22 08:59 . 2008-10-15 16:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-08-22 08:54 . 2009-05-28 15:43 27792 ----a-w- c:\windows\system32\drivers\point32.sys 2009-08-22 08:54 . 2009-08-22 08:54 -------- d-----w- c:\program files\Microsoft IntelliPoint 2009-08-22 08:54 . 2009-08-22 08:54 -------- d-----w- c:\program files\MSXML 6.0 2009-08-22 08:53 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll 2009-08-22 08:53 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll 2009-08-22 08:19 . 
2005-09-28 18:57 113847 ----a-r- c:\windows\system32\drivers\Apfiltr.sys 2009-08-22 08:19 . 2005-03-04 18:31 95511 ----a-r- c:\windows\system32\Vxdif.dll 2009-08-20 10:34 . 2009-08-20 10:34 -------- d-----w- c:\documents and settings\FG\Local Settings\Application Data\COMODO 2009-08-20 10:25 . 2009-08-20 10:25 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel 2009-08-20 10:23 . 2009-08-26 04:11 -------- dc----w- c:\windows\system32\DRVSTORE 2009-08-20 10:23 . 2009-08-26 04:09 -------- d-----w- c:\program files\Intel 2009-08-20 10:13 . 2009-08-20 10:13 0 ----a-w- c:\windows\nsreg.dat 2009-08-20 10:13 . 2009-08-20 10:13 -------- d-----w- c:\documents and settings\FG\Local Settings\Application Data\Mozilla 2009-08-20 09:35 . 2009-08-26 17:34 33632 ----a-w- c:\windows\system32\drivers\sfi.dat 2009-08-20 09:27 . 2009-08-20 09:27 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-08-20 09:19 . 2009-08-20 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo 2009-08-20 09:19 . 2009-08-20 09:19 86976 ----a-w- c:\windows\system32\drivers\inspect.sys 2009-08-20 09:19 . 2009-08-20 09:19 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2009-08-20 09:19 . 2009-08-20 09:19 179792 ----a-w- c:\windows\system32\guard32.dll 2009-08-20 09:19 . 2009-08-20 09:19 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2009-08-20 09:19 . 2009-08-20 09:19 -------- d-----w- c:\program files\COMODO 2009-08-20 08:41 . 2009-08-22 12:40 17672 ----a-w- c:\documents and settings\FG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 08:40 . 2009-08-20 08:40 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer 2009-08-20 08:40 . 2009-08-26 12:54 -------- d-----w- c:\windows\system32\wbem\AutoRecover 2009-08-20 08:27 . 2009-08-26 12:52 -------- d-----w- c:\windows\peernet 2009-08-20 08:27 . 2009-08-20 08:27 -------- d-----w- c:\windows\provisioning 2009-08-20 08:26 . 
  14. Angelique, I had a working connection from this morning until I agreed to download an update from Microsoft, or from something passing itself off as Microsoft!? By the time that update had installed, the connection was gone, and it has not come back since. I wanted to use SystemLook again, which this morning had let me retrieve this information:

      SystemLook v1.0 by jpshortstuff (18.05.09)
      Log created at 06:36 on 26/08/2009 by FG (Administrator - Elevation successful)
      ========== reg ==========
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards]
      (No values found)
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\11]
      "Description"="Intel® PRO/Wireless 3945ABG Network Connection"
      "ServiceName"="{941A5333-EF98-4271-A520-D1B2A34BF662}"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\15]
      "Description"="Broadcom NetXtreme 57xx Gigabit Controller"
      "ServiceName"="{8F53B181-17C8-403C-BADA-729ADA27F8A8}"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\3]
      "Description"="Carte réseau 1394"
      "ServiceName"="{EF46FE50-9DF3-4790-B23B-E4F2164163DB}"
      -=End Of File=-

      but since then I can no longer type in the SystemLook window, as if something were making it partially inoperative. In fact, to tell you what I really think (and to understand it properly you need to read the thread from the beginning), I still have at least one active virus, since as soon as I open Firefox or IE I get up to 90 active outgoing connections. They are also established via svchost.exe. On my desktop PC, the one I am writing to you from, I have the same thing, but in addition these connections also appear with Skype or MSN.

      Comodo detected and quarantined:

      Backdoor.Win32.Agent.ahuv@24376020
      TrojWare.Win32.TrojanDownloader.IstBar.~L@25568999
      Application.Win32.WinVNC.~B@12028414

      I thought I would have some peace... but my connection came up again on 169.254.179.168. So I tried to force my card's hand by setting an address manually, as you explained above, but then, surprise: the laptop shows 192.168.1.20, and in the ISP box I do see the card's address, but the IP appears as undefined. I am therefore asking for your help and/or Apollo's to eradicate this virus. Thanks
  15. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:36:55, on 26-08-09
  16. Hello Apollo, now that I am able to update MBAM, I ran a scan, which found nothing.

      Malwarebytes' Anti-Malware 1.40
      Version de la base de données: 2697
      Windows 5.1.2600 Service Pack 2
      26-08-09 09:31:56
      mbam-log-2009-08-26 (09-31-56).txt
      Type de recherche: Examen complet (C:\|D:\|G:\|H:\|I:\|)
      Eléments examinés: 307797
      Temps écoulé: 2 hour(s), 36 minute(s), 17 second(s)
      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0
      Processus mémoire infecté(s): (Aucun élément nuisible détecté)
      Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
      Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
      Dossier(s) infecté(s): (Aucun élément nuisible détecté)
      Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  17. Hello Angélique, I was able to reinstall a card driver: I have a working Wi-Fi connection again.

      SystemLook v1.0 by jpshortstuff (18.05.09)
      Log created at 06:36 on 26/08/2009 by FG (Administrator - Elevation successful)
      ========== reg ==========
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards]
      (No values found)
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\11]
      "Description"="Intel® PRO/Wireless 3945ABG Network Connection"
      "ServiceName"="{941A5333-EF98-4271-A520-D1B2A34BF662}"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\15]
      "Description"="Broadcom NetXtreme 57xx Gigabit Controller"
      "ServiceName"="{8F53B181-17C8-403C-BADA-729ADA27F8A8}"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\3]
      "Description"="Carte réseau 1394"
      "ServiceName"="{EF46FE50-9DF3-4790-B23B-E4F2164163DB}"
      -=End Of File=-
  18. Thank you both. I tried in vain for several hours to get my connection back... I give up for tonight. I will try to reinstall my card driver, but I don't have much faith in it, because the virus even prevents me from doing a restore. In fact, my feeling is that the more I try to fix my problems, the more virulent it becomes: it is as if I were being watched. That may be a subjective impression. I am not particularly paranoid either. I will pick this up again tomorrow, because even if I format the disk I will have to find a way to recover my data without reintroducing the virus! See you later, and thanks again.
  19. Hello Angelique, I ran WinsockxpFix.exe twice without success: 169.254.179.168 always comes back. But I know why. I found 4 keys in the Registry at this location:

      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{9FB51A76-3C6E-45D7-9FAA-90E4845CB67C}\Parameters\Tcpip

      which hold the two IP addresses that are imposed at startup: 169.254.179.168 and 0.0.0.0. Could you tell me more? Thanks
  20. Hello Apollo,

      Malwarebytes' Anti-Malware 1.40
      Version de la base de données: 2551
      Windows 5.1.2600 Service Pack 2
      23-08-09 22:52:33
      mbam-log-2009-08-23 (22-52-33).txt
      Type de recherche: Examen complet (C:\|D:\|E:\|G:\|H:\|I:\|)
      Eléments examinés: 300236
      Temps écoulé: 2 hour(s), 29 minute(s), 21 second(s)
      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0
      Processus mémoire infecté(s): (Aucun élément nuisible détecté)
      Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
      Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
      Dossier(s) infecté(s): (Aucun élément nuisible détecté)
      Fichier(s) infecté(s): (Aucun élément nuisible détecté)

      Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 05:46:10, on 24-08-09

      On another note, I found a "desktop.ini" file on the desktop of the PC I am sending you this message from. Since I read "Infections that spread via removable media: USB, flash, etc." I wanted you to check its contents:

      [LocalizedFileNames]
      Lecteur Windows Media.lnk=@C:\WINDOWS\inf\unregmp2.exe,-4
  21. Hello Apollo, I was able to download "mbam-setup.exe" and "mbam-rules.exe" with another PC and carried them over to the infected laptop, because the virus prevents me from connecting. At first my IP changed, and the PC was connecting to 169.254.179.168/255.255.0.0, which I subsequently blocked with the firewall. I noticed that the wireless automatic connection service was stopped while set to automatic mode. I switched it to manual mode and restarted. I managed to reconnect for 10 seconds and my IP changed to 0.0.0.0. Since then it has been impossible to do anything to restore the connection. I ran MBAM anyway after the "MBAM updates". I will post the report as soon as it finishes. Is there a way to fool the virus so as to get around the connection problem? Thanks again. Thanks
  22. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:20:38, on 23-08-09
  23. Hello, I recently had serious problems (a virus) on my laptop that forced me to replace the HDD and reinstall. I thought I had solved my problem, but the virus ended up on my system again after I reconnected my infected HDD to a USB port in order to recover my data. I would like someone to suggest a solution to eradicate this virus for good. Thanks

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:20:38, on 23-08-09
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      C:\Program Files\Apoint\HidFind.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
      C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\WINDOWS\System32\wbem\wmiapsrv.exe
      C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\WINDOWS\system32\rundll32.exe
      D:\SECURITE\OUTILS\PROCESSEXPLORER\PROCEXP.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\FG\Bureau\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
      O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
      O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
      O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
      O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
      O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
      O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

      --
      End of file - 5396 bytes
  24. [ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

      --> Recherche:
      C:\FindyKill.txt: trouvé !
      C:\Documents and Settings\pc\Recent\HijackThis.lnk: trouvé !
      C:\Documents and Settings\pc\Recent\Navilog1.lnk: trouvé !
      C:\Documents and Settings\pc\Bureau\Documents Frederic\Securite\HijackThis: trouvé !
      C:\Documents and Settings\pc\Bureau\Documents Frederic\Securite\Navilog1: trouvé !
      C:\Documents and Settings\pc\Bureau\Documents Frederic\Securite\Navilog1\Navilog1.exe: trouvé !
      C:\Documents and Settings\pc\Bureau\Documents Frederic\Securite\Hijackthis\HijackThis.exe: trouvé !
      C:\Documents and Settings\pc\Bureau\Documents Frederic\Securite\Hijackthis\hijackthis.log: trouvé !
      C:\Program Files\Navilog1: trouvé !
      C:\Program Files\Navilog1\Navilog1.bat: trouvé !
      C:\Program Files\Navilog1\catchme.exe: trouvé !

      Apollo, thank you for your diligence and your expertise.
  25. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:19:13, on 22/08/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16876)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\msiexec.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\pc\Bureau\Documents Frederic\Securite\Hijackthis\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Calendrier.lnk = C:\Documents Maurice\Calendrier.WDB
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
      O15 - Trusted Zone: http://www.impots.gouv.fr
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208336812500
      O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://dan-micro83/remote/msrdp.cab
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

      --
      End of file - 4789 bytes