Everything posted by eckleféroce785

  1. ComboFix 10-01-14.06 - Squale 15/01/2010 14:20:26.4.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1279.839 [GMT 1:00] Lancé depuis: c:\documents and settings\Squale\Bureau\eckleféroce.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Squale\Application Data\avdrn.dat c:\documents and settings\Squale\Application Data\Gmail c:\windows\system32\drivers\H8SRTjxtesknvpm.sys c:\windows\system32\H8SRTevujmttiom.dat c:\windows\system32\H8SRTfshojtkdew.dll c:\windows\system32\H8SRTiykmwmybnm.dll c:\windows\system32\h8srtkrl32mainweq.dll c:\windows\system32\H8SRTxdkbwrqxnb.dll c:\windows\system32\krl32mainweq.dll c:\windows\system32\SIntf16.dll c:\windows\system32\srcr.dat c:\windows\system32\Thumbs.db c:\windows\Sysvxd.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_H8SRTd.sys -------\Legacy_H8SRTd.sys ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-15 au 2010-01-15 )))))))))))))))))))))))))))))))))))) . 2010-01-14 10:42 . 2010-01-14 10:42 -------- d-s---w- c:\windows\Downloaded Program Files 2010-01-08 15:34 . 2010-01-08 15:34 -------- d-----w- c:\documents and settings\Squale\Local Settings\Application Data\Mozilla 2010-01-08 15:33 . 2010-01-08 15:33 49296 ----a-w- c:\documents and settings\Squale\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-01-08 15:33 . 2010-01-08 15:33 -------- d-----w- c:\documents and settings\Squale\Local Settings\Application Data\ATI 2010-01-05 17:20 . 2010-01-05 17:20 -------- d-----w- C:\Programmes 2010-01-01 18:11 . 2010-01-01 18:11 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2010-01-01 17:57 . 2010-01-13 19:16 -------- d-----w- c:\documents and settings\Squale\Application Data\QuickScan 2009-12-31 09:24 . 
2009-12-31 09:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-DFC32A4ADEE1} 2009-12-30 17:50 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-12-30 17:49 . 2009-12-30 17:49 -------- d-----w- c:\program files\Panda Security 2009-12-30 17:31 . 2009-12-30 17:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-12-30 09:16 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-12-30 09:16 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-12-30 09:16 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-12-30 09:16 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-12-30 09:16 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-12-30 09:16 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-12-30 09:16 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-12-30 09:16 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-12-30 09:16 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-12-30 09:15 . 2009-12-30 09:15 -------- d-----w- c:\program files\Microsoft Silverlight 2009-12-29 19:19 . 2009-12-29 19:19 -------- d-----w- c:\program files\Viewpoint 2009-12-29 19:18 . 2009-12-29 19:18 -------- d-----w- c:\program files\Fichiers communs\AOL 2009-12-29 19:18 . 2009-12-29 19:21 -------- d-----w- c:\program files\AIM6 2009-12-20 11:05 . 2009-12-20 11:06 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2009-12-20 10:57 . 2009-12-20 13:16 -------- d-----w- c:\program files\THQ . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-14 23:20 . 2009-07-07 09:16 -------- d-----w- c:\documents and settings\Squale\Application Data\vlc 2010-01-13 19:23 . 
2009-07-07 09:16 -------- d-----w- c:\documents and settings\Squale\Application Data\dvdcss 2010-01-01 23:19 . 2009-09-28 18:02 -------- d-----w- c:\program files\trend micro 2009-12-29 19:18 . 2008-10-01 17:24 335 ----a-w- c:\windows\nsreg.dat 2009-12-20 13:16 . 2004-11-18 22:00 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-20 12:55 . 2008-11-04 11:27 -------- d-----w- c:\program files\Microsoft Games 2009-12-20 10:33 . 2009-01-27 21:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-12-20 10:26 . 2009-01-27 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2009-12-19 12:56 . 2009-01-26 16:00 -------- d-----w- c:\documents and settings\Squale\Application Data\uTorrent 2009-12-10 14:53 . 2008-11-18 19:50 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-12-06 16:33 . 2009-12-06 16:33 -------- d-----w- c:\program files\Windows Media Connect 2 2009-11-28 12:09 . 2009-11-28 12:09 12 ----a-w- c:\documents and settings\LocalService\Application Data\cbqozg.dat 2009-11-12 10:20 . 2003-04-24 12:00 84526 ----a-w- c:\windows\system32\perfc00C.dat 2009-11-12 10:20 . 2003-04-24 12:00 510324 ----a-w- c:\windows\system32\perfh00C.dat 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2005-01-27 22:11 . 2005-01-27 22:11 56 --sh--r- c:\windows\system32\05A15D8C63.sys 2006-05-03 09:06 . 2008-10-14 21:54 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2008-10-14 21:54 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 . 2008-10-14 21:54 216064 --sh--r- c:\windows\system32\nbDX.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "sunjavaupdatesched"="c:\program files\java\jre6\bin\jusched.exe" [2008-11-23 136600] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] c:\documents and settings\Squale\Menu D‚marrer\Programmes\D‚marrage\ algqeh32.exe [2008-4-13 28160] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0stera [HKLM\~\startupfolder\C:^Documents and Settings^Squale^Menu Démarrer^Programmes^Démarrage^algqeh32.exe] path=c:\documents and settings\Squale\Menu Démarrer\Programmes\Démarrage\algqeh32.exe backup=c:\windows\pss\algqeh32.exeStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= 
"c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Squale\\Mes documents\\Warcraft III 1.17\\war3.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader "6112:TCP"= 6112:TCP:Blizzard Downloader [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [30/12/2009 18:50 28552] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/12/2009 10:16 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/12/2009 10:16 20560] S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [?] S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 11:35 18848] S3 ldiskl;ldiskl;\??\c:\docume~1\Squale\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\Squale\LOCALS~1\Temp\ldiskl.sys [?] S3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys --> c:\windows\system32\Drivers\ov530vid.sys [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/01/2009 22:29 691696] . Contenu du dossier 'Tâches planifiées' 2009-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . . ------- Examen supplémentaire ------- . 
uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\documents and settings\Squale\Application Data\Mozilla\Firefox\Profiles\7gvxyxfc.default\ FF - component: c:\documents and settings\Squale\Application Data\Mozilla\Firefox\Profiles\7gvxyxfc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll FF - plugin: c:\documents and settings\Squale\Application Data\Mozilla\Firefox\Profiles\7gvxyxfc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program 
files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla 
Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-Malware Defense - c:\program files\Malware Defense\mdefense.exe MSConfigStartUp-settdebugx - c:\docume~1\Squale\LOCALS~1\Temp\settdebugx.exe AddRemove-Community Map Pack IV - c:\program files\THQ\Dawn of War\WXP\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-15 14:32 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run sunjavaupdatesched = "c:\program files\java\jre6\bin\jusched.exe"
Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-746137067-57989841-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-746137067-57989841-725345543-1004\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:70,05,5d,ce,35,e4,83,ae,14,6b,06,17,98,07,4c,23,11,0f,3d,56,4d,81,7b, 93,fd,eb,7d,4f,23,ba,78,16,43,b3,06,ff,be,6b,77,1d,8a,c0,57,39,38,f9,55,5d,\ "??"=hex:dc,b4,33,50,1d,78,93,6c,5a,54,84,48,f5,33,17,45 [HKEY_USERS\S-1-5-21-746137067-57989841-725345543-1004\Software\SecuROM\License information*] "datasecu"=hex:58,c4,67,23,11,0e,bf,a0,52,e3,ee,f4,3f,a1,bb,59,f1,e9,1f,22,12, 96,54,55,be,23,25,0c,0a,62,56,f9,2e,f3,0f,18,3b,30,d3,f1,b2,30,dc,15,3e,31,\ "rkeysecu"=hex:75,70,ba,9e,5e,c6,c5,93,7a,c5,12,0c,2d,8f,4c,d8 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):fe,04,7e,5e,39,a0,d0,b6,6f,4b,62,c0,24,78,4b,13,2d,b9,28,c0,2c, 56,c3,fc,cc,e7,b4,ce,3a,08,52,5b,10,52,3d,3d,48,05,57,98,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{78522c3f-90da-4a90-b89c-64da8db98ba7}] @Denied: (Full) (Everyone) "Model"=dword:0000001f "Therad"=dword:0000001f "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,ab,9e,50,1b,eb,77,d1,ab,b5,66,4a,d0,23,02,d0,61,d1,48,b3,70,7f,ce,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(784) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2728) c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\rundll32.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Heure de fin: 2010-01-15 14:41:53 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-15 13:41 ComboFix2.txt 2009-09-28 12:23 ComboFix3.txt 2009-09-08 22:04 ComboFix4.txt 2009-07-30 09:41 Avant-CF: 26 120 060 928 octets libres Après-CF: 26 187 149 312 octets libres Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - 88AB707C65BA397DC2E4CDBC1CA0AB96
  2. Sorry for the delay, but the scan took nearly 8 hours (and not 10 minutes???) to run.
GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-14 22:21:50 Windows 5.1.2600 Service Pack 3 Running: v5fc74u9.exe; Driver: C:\DOCUME~1\Squale\LOCALS~1\Temp\fwriypog.sys ---- System - GMER 1.0.15 ---- INT 0x62 ? 89EE9BF8 INT 0x63 ? 89D33BF8 INT 0x73 ? 89D33BF8 INT 0x82 ? 89EE9BF8 INT 0x83 ? 89D33BF8 Code 89B13120 ZwEnumerateKey Code 89B09120 ZwFlushInstructionCache Code 89B0B11E IofCallDriver Code 89CB52DE IofCompleteRequest ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89EE81F8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) Device \FileSystem\Udfs \UdfsCdRom 8987D1F8 Device \FileSystem\Udfs \UdfsDisk 8987D1F8 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\usbohci \Device\USBPDO-0 89C441F8 Device \Driver\usbohci \Device\USBPDO-1 89C441F8 Device \Driver\usbehci \Device\USBPDO-2 89D881F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{0FAE8D71-831E-4CEA-88E8-7ADE53145C27} 8981E1F8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/ALWIL Software) Device \Driver\Ftdisk \Device\HarddiskVolume1 89F581F8 Device \Driver\Cdrom \Device\CdRom0 89D0A1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 8981E1F8 Device \Driver\NetBT \Device\NetbiosSmb 8981E1F8 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\usbohci \Device\USBFDO-0 89C441F8 Device \Driver\usbohci \Device\USBFDO-1 89C441F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 898151F8 Device \Driver\usbehci \Device\USBFDO-2 89D881F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 898151F8 Device \Driver\usbstor \Device\0000007d 8983A1F8 Device \Driver\Ftdisk \Device\FtControl 89F581F8 Device \Driver\usbstor \Device\0000007e 8983A1F8 ---- Modules - GMER 1.0.15 ---- Module \systemroot\system32\drivers\H8SRTjxtesknvpm.sys (*** hidden *** ) B0F61000-B0F7D000 (114688 bytes) ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\H8SRTjxtesknvpm.sys (*** hidden *** ) [sYSTEM] H8SRTd.sys <-- ROOTKIT !!! 
---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\gaopdxserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet001\Services\gaopdxserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet001\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxmimpqmla.sys Reg HKLM\SYSTEM\ControlSet001\Services\gaopdxserv.sys@group file system Reg HKLM\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x19 0x63 0x14 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTjxtesknvpm.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTjxtesknvpm.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTxdkbwrqxnb.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTevujmttiom.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTiykmwmybnm.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTfshojtkdew.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x11 0x56 0x15 0x67 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x3B 0xC2 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x19 0x63 0x14 0x54 ... Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxmimpqmla.sys Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x19 0x63 0x14 0x54 ... 
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxmimpqmla.sys Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@group file system Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxmimpqmla.sys Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxsrfucfsk.dll Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x19 0x63 0x14 0x54 ... Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@start 1 Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@type 1 Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTjxtesknvpm.sys Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@group file system Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTjxtesknvpm.sys Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTxdkbwrqxnb.dll Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTevujmttiom.dat Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTiykmwmybnm.dll Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtbbr 
\\?\globalroot\systemroot\system32\H8SRTfshojtkdew.dll Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x11 0x56 0x15 0x67 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x3B 0xC2 0x4C ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x19 0x63 0x14 0x54 ... Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xFE 0x04 0x7E 0x5E ... Reg HKLM\SOFTWARE\Classes\CLSID\{78522c3f-90da-4a90-b89c-64da8db98ba7}@Model 31 Reg HKLM\SOFTWARE\Classes\CLSID\{78522c3f-90da-4a90-b89c-64da8db98ba7}@Therad 31 Reg HKLM\SOFTWARE\Classes\CLSID\{78522c3f-90da-4a90-b89c-64da8db98ba7}@MData 0x2B 0x8F 0x78 0x29 ... 
---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Squale\Local Settings\temp\H8SRT363c.tmp 52224 bytes executable File C:\Documents and Settings\Squale\Local Settings\temp\H8SRT3746.tmp 343040 bytes executable File C:\Documents and Settings\Squale\Local Settings\temp\h8srtmainqt.dll 0 bytes File C:\Documents and Settings\Squale\Local Settings\temp\19e5_appcompat.txt 27306 bytes File C:\Documents and Settings\Squale\Local Settings\temp\303a_appcompat.txt 27306 bytes File C:\Documents and Settings\Squale\Local Settings\temp\5478_appcompat.txt 27306 bytes File C:\Documents and Settings\Squale\Local Settings\temp\f9f2_appcompat.txt 27306 bytes File C:\Documents and Settings\Squale\Local Settings\temp\14FF128.dmp 69849 bytes File C:\Documents and Settings\Squale\Local Settings\temp\1510DD3.dmp 68649 bytes File C:\Documents and Settings\Squale\Local Settings\temp\15229E2.dmp 64483 bytes File C:\Documents and Settings\Squale\Local Settings\temp\15346CC.dmp 70862 bytes File C:\WINDOWS\temp\H8SRT6a6d.tmp 160 bytes File C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\sfc_os.dll (size mismatch) 1548288/142336 bytes executable File C:\WINDOWS\system32\H8SRTevujmttiom.dat 160 bytes File C:\WINDOWS\system32\H8SRTfshojtkdew.dll 40960 bytes executable File C:\WINDOWS\system32\H8SRTiykmwmybnm.dll 36864 bytes executable File C:\WINDOWS\system32\h8srtkrl32mainweq.dll 928 bytes File C:\WINDOWS\system32\H8SRTxdkbwrqxnb.dll 23040 bytes executable File C:\WINDOWS\system32\drivers\H8SRTjxtesknvpm.sys 40448 bytes executable <-- ROOTKIT !!! File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll (size mismatch) 258048/303104 bytes executable ---- EOF - GMER 1.0.15 ----
  3. Well, for quite some time now I have been dragging around a trojan that I cannot get rid of. I used to run Hijack, Spybot, Malwarebytes etc. regularly, but recently a new infection has been preventing me from launching the three programs mentioned above! All I could do was an online scan, which detects nothing:
BitDefender QuickScan Beta 32-bit v0.9.8.9 ------------------------------------------ Date de l'analyse : Wed Jan 13 20:15:06 2010 ID de la machine : C8C0547A Aucune infection détectée. ---------------------------- Processus --------- <non signé> Catalyst Control Centre 1512 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe <verifié> Apple Mobile Device Service 1640 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe <verifié> ATI External Event Utility for Windows 1008 C:\WINDOWS\system32\Ati2evxx.exe <verifié> ATI External Event Utility for Windows 1516 C:\WINDOWS\system32\Ati2evxx.exe <verifié> Bonjour 1668 C:\Program Files\Bonjour\mDNSResponder.exe <verifié> Catalyst Control Centre 1732 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe <verifié> Firefox 2156 C:\Program Files\Mozilla Firefox\firefox.exe <verifié> iTunes 2272 C:\Program Files\iPod\bin\iPodService.exe <verifié> iTunes 1836 C:\Program Files\iTunes\iTunesHelper.exe <verifié> Java Platform SE 6 U10 1624 C:\Program Files\Java\jre6\bin\jqs.exe <verifié> Microsoft Application Error Reporting 2200 C:\WINDOWS\system32\dwwin.exe <verifié> Microsoft® Windows® Operating System 1380 C:\WINDOWS\System32\alg.exe <verifié> Microsoft® Windows® Operating System 756 C:\WINDOWS\system32\csrss.exe <verifié> Microsoft® Windows® Operating System 852 C:\WINDOWS\system32\lsass.exe <verifié> Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\spoolsv.exe <verifié> Microsoft® Windows® Operating System 1020 C:\WINDOWS\system32\svchost.exe <verifié> Microsoft® Windows® Operating System 1256 C:\WINDOWS\system32\svchost.exe <verifié> Microsoft® Windows® Operating System 
1384 C:\WINDOWS\System32\svchost.exe <verifié> Microsoft® Windows® Operating System 1436 C:\WINDOWS\system32\svchost.exe <verifié> Microsoft® Windows® Operating System 1568 C:\WINDOWS\system32\svchost.exe <verifié> Microsoft® Windows® Operating System 1808 C:\WINDOWS\System32\svchost.exe <verifié> Microsoft® Windows® Operating System 2012 C:\WINDOWS\system32\svchost.exe <verifié> Système d'exploitation Microsoft® Windows® 168 C:\WINDOWS\Explorer.EXE <verifié> Système d'exploitation Microsoft® Windows® 832 C:\WINDOWS\system32\services.exe <verifié> Système d'exploitation Microsoft® Windows® 684 C:\WINDOWS\System32\smss.exe <verifié> Système d'exploitation Microsoft® Windows® 788 C:\WINDOWS\system32\winlogon.exe Activité du réseau ------------------ Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - www.ovh.com Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ww-in-f157.1e100.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ns60265.ovh.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.34 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.25 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.169 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ns60315.ovh.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ns60265.ovh.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.34 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.169 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.169 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.25 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ns38880.ovh.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ns60265.ovh.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ns60265.ovh.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.25 Processus 
firefox.exe (2156) connecté sur le port 80 (HTTP) - 213.199.141.139 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.169 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.169 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ns38880.ovh.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ns38880.ovh.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ww-in-f149.1e100.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ns60265.ovh.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ns60265.ovh.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - ez-in-f102.1e100.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - *.122.2o7.net Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.169 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.81 Processus firefox.exe (2156) connecté sur le port 80 (HTTP) - 62.208.24.25 Processus svchost.exe (1256) écoute sur les ports: 135 (RPC) Fichiers critiques et Autorun ----------------------------- <non signé> algqeh32.exe C:\Documents and Settings\Squale\Menu Démarrer\Programmes\Démarrage\algqeh32.exe <non signé> Catalyst® Control Center C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe <verifié> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe <verifié> ATI External Event Utility for Windows C:\WINDOWS\system32\ati2evxx.dll <verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll <verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll <verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\browseui.dll <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\crypt32.dll <verifié> Système d'exploitation Microsoft® Windows® 
C:\WINDOWS\system32\cscdll.dll <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\logonui.exe <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\sclgntfy.dll <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\shell32.dll <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\stobject.dll <verifié> Système d'exploitation Microsoft® Windows® c:\windows\system32\userinit.exe <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\webcheck.dll <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\wlnotify.dll <verifié> Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll Plugins du navigateur --------------------- <non signé> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll <non signé> DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll <non signé> DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll <non signé> Java Platform SE 6 U10 c:\program files\java\jre6\bin\jp2ssv.dll <non signé> nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA <non signé> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll <non signé> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll <non signé> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll <non signé> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll <non signé> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll <non signé> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll <non signé> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll <non signé> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll <non signé> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll <non signé> VLC 
Multimedia Plug-in C:\Program Files\VideoLAN\VLC\npvlc.dll <verifié> AcroIEHelper Library c:\program files\fichiers communs\adobe\acrobat\activex\acroiehelper.dll <verifié> BitDefender QuickScan C:\Documents and Settings\Squale\Application Data\Mozilla\Firefox\Profiles/7gvxyxfc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll <verifié> BitDefender QuickScan C:\Documents and Settings\Squale\Application Data\Mozilla\Firefox\Profiles/7gvxyxfc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll <verifié> DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll <verifié> DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll <verifié> Java Platform SE 6 U10 c:\program files\java\jre6\bin\ssv.dll <verifié> Java Platform SE 6 U10 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll <verifié> Java Platform SE 6 U10 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll <verifié> Messenger C:\Program Files\Messenger\msmsgs.exe <verifié> MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll <verifié> Microsoft® Windows Live Login Helper c:\program files\fichiers communs\microsoft shared\windows live\windowslivelogin.dll <verifié> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll <verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll <verifié> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll <verifié> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll <verifié> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll <verifié> Panda ActiveScan 2.0 C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll <verifié> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll <verifié> Système d'exploitation Microsoft® Windows® 
C:\WINDOWS\system32\mswsock.dll <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\System32\nwprovau.dll <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\shdocvw.dll <verifié> Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll <verifié> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll Fichiers manquants ------------------ Fichier non trouvé : C1\WINDOWS\system32\wuauserv.dll référencé dans : HKLM\System\CurrentControlSet\Services\wuauserv\Parameters\"ServiceDll" Fichier non trouvé : C:\DOCUME~1\Squale\LOCALS~1\Temp\catchme.sys référencé dans : HKLM\System\CurrentControlSet\Services\catchme\"ImagePath" Fichier non trouvé : C:\DOCUME~1\Squale\LOCALS~1\Temp\ldiskl.sys référencé dans : HKLM\System\CurrentControlSet\Services\ldiskl\"ImagePath" Fichier non trouvé : C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE référencé dans : HKLM\System\CurrentControlSet\Services\LiveUpdate\"ImagePath" Fichier non trouvé : C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll référencé dans : HLKM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027\"Path" Fichier non trouvé : C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll référencé dans : HLKM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088\"Path" Fichier non trouvé : C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll référencé dans : HLKM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040\"Path" Fichier non trouvé : C:\WINDOWS\System32\appmgmts.dll référencé dans : HKLM\System\CurrentControlSet\Services\AppMgmt\Parameters\"ServiceDll" Fichier non trouvé : C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys référencé dans : HKLM\System\CurrentControlSet\Services\dump_wmimmc\"ImagePath" Fichier non trouvé : H:\INSTALL\GMSIPCI.SYS référencé dans : HKLM\System\CurrentControlSet\Services\GMSIPCI\"ImagePath" Fichier non trouvé : 
System32\Drivers\ov530vid.sys référencé dans : HKLM\System\CurrentControlSet\Services\ovt530\"ImagePath" Fichier non trouvé : c:\program files\yahoo!\companion\installs\cpn1\yt.dll référencé dans : HKCR\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\InprocServer32\(default) référencé dans : HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32\(default) Analyse ------- Aucun fichier téléchargé vers le serveur. Analyse terminée - la communication a duré 1 secondes Trafic total - 0.05 Mo envoyés, 2.36 Ko reçus 1115 fichiers et modules analysés - 57 seconds autre faits particuliers:quand je lance mozilla il faut que je le relance suite a un crash et que je ne ferme pas le ddwin firefox.exe a rencontré un probleme et doit fermer qui se lance systématiquement De plus a intervalles régulier Iexplorer.exe a rencontré un probleme et doit fermer pop en plein milieu de mon écran alors meme que ce programme est désinstallé Merci par avance de toute aide que vous pourriez m apporter!
  4. So I no longer have any popups, Conficker is no longer active, and I've installed the updates. There's just one last thing: there is a virus that Spybot can't delete...
  5. So? Does my report explain the situation?
  6. Yep, infected
  7. Logfile of random's system information tool 1.06 (written by random/random)
Run by Squale at 2009-09-28 20:02:32

Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 26 GB (22%) free of 114 GB
Total RAM: 1279 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:33, on 28/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Squale\Bureau\RSIT.exe
C:\Program Files\trend micro\Squale.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=62548
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [sunjavaupdatesched] "c:\program files\java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\World of Warcraft\Interface\AddOns\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL (file missing)
O23 - Service: Service d'application d'assistance IPv6 (6to4) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service d'indexation (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Gestionnaire de l'Album (ClipSrv) - Unknown owner - C:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Application système COM+ (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Configuration automatique de réseau câblé (Dot3svc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Service Protocole EAP (Extensible Authentication Protocol) (EapHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Service de rapport d'erreurs (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Système d'événements de COM+ (EventSystem) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Unknown owner - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: Aide et support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Accès du périphérique d'interface utilisateur (HidServ) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Service Gestion des clés et des certificats d'intégrité (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Agent de protection d'accès réseau (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Routage et accès distant (RemoteAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe (file missing)
O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\System32\rsvp.exe (file missing)
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Pare-feu Windows / Partage de connexion Internet (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Service de restauration système (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service de découvertes SSDP (SSDPSRV) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Thèmes (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Hôte de périphérique universel Plug-and-Play (upnphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: User Privilege Service (usprserv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Numéro de série du média portable (WmdmPmSp) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O23 - Service: Centre de sécurité (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Configuration automatique sans fil (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

-- End of file - 16972 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"sunjavaupdatesched"=c:\program files\java\jre6\bin\jusched.exe [2008-11-23 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"CurseClient"=C:\Program Files\World of Warcraft\Interface\AddOns\Curse\CurseClient.exe -silent []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:Teamspeak RC2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\World of Warcraft\Interface\AddOns\Curse\CurseClient.exe"="C:\Program Files\World of Warcraft\Interface\AddOns\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======List of files/folders created in the last 3 months======

2009-09-28 20:02:35 ----D---- C:\Program Files\trend micro
2009-09-28 20:02:32 ----D---- C:\rsit
2009-09-28 20:02:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-28 20:02:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-28 14:32:50 ----SHD---- C:\RECYCLER
2009-09-28 14:23:59 ----D---- C:\WINDOWS\temp
2009-09-28 14:23:58 ----A---- C:\ComboFix.txt
2009-09-28 14:18:30 ----D---- C:\ComboFix
2009-09-20 05:10:18 ----D---- C:\Documents and Settings\All Users\Application 
Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-20 05:10:17 ----D---- C:\Program Files\iTunes 2009-09-20 05:03:50 ----D---- C:\Program Files\QuickTime 2009-09-08 23:47:56 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$ 2009-09-08 23:47:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2009-09-08 23:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$ 2009-09-08 23:44:48 ----RASHD---- C:\cmdcons 2009-09-08 14:54:12 ----D---- C:\Documents and Settings\Squale\Application Data\Gmail 2009-08-29 15:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-08-29 11:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2009-08-29 01:44:00 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-29 01:43:53 ----D---- C:\Program Files\MSBuild 2009-08-29 01:43:51 ----D---- C:\WINDOWS\system32\en-US 2009-08-29 01:43:38 ----D---- C:\Program Files\Reference Assemblies 2009-08-29 01:43:09 ----N---- C:\WINDOWS\system32\xpssvcs.dll 2009-08-29 01:43:09 ----N---- C:\WINDOWS\system32\xpsshhdr.dll 2009-08-29 01:43:09 ----N---- C:\WINDOWS\system32\prntvpt.dll 2009-08-29 01:43:08 ----D---- C:\5ffcaf73ee7fe4b43e5f27e0c771a227 2009-08-28 18:16:29 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment 2009-08-27 21:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-27 21:55:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-27 21:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-27 21:54:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-08-27 21:54:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-27 21:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-27 21:54:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-27 21:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-08-27 21:54:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-27 21:53:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$ 2009-07-30 12:19:14 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$ 2009-07-30 12:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$ 
2009-07-30 11:10:54 ----A---- C:\WINDOWS\zip.exe
2009-07-30 11:10:54 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-30 11:10:54 ----A---- C:\WINDOWS\SWSC.exe
2009-07-30 11:10:54 ----A---- C:\WINDOWS\SWREG.exe
2009-07-30 11:10:54 ----A---- C:\WINDOWS\sed.exe
2009-07-30 11:10:54 ----A---- C:\WINDOWS\PEV.exe
2009-07-30 11:10:54 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-30 11:10:54 ----A---- C:\WINDOWS\grep.exe
2009-07-30 11:10:49 ----D---- C:\WINDOWS\ERDNT
2009-07-30 11:10:44 ----D---- C:\Qoobox
2009-07-29 15:00:20 ----D---- C:\WINDOWS\pss
2009-07-29 14:58:40 ----D---- C:\Documents and Settings\Squale\Application Data\Malwarebytes
2009-07-29 14:58:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-29 14:58:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-29 12:45:58 ----D---- C:\WINDOWS\Prefetch
2009-07-29 12:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-07-29 12:38:28 ----A---- C:\WINDOWS\setuplog.txt
2009-07-29 12:35:00 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-29 12:30:03 ----A---- C:\WINDOWS\003341_.tmp
2009-07-29 12:25:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-29 11:27:04 ----D---- C:\Documents and Settings\Squale\Application Data\Uniblue
2009-07-29 11:25:49 ----A---- C:\WINDOWS\system32\readme.txt
2009-07-28 20:01:48 ----A---- C:\Documents and Settings\Squale\Application Data\pdinstall.exe
2009-07-28 19:55:48 ----D---- C:\Documents and Settings\Squale\Application Data\Google
2009-07-28 16:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2009-07-28 16:10:49 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2009-07-28 15:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-07-28 15:33:29 ----HDC---- C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
2009-07-28 15:32:23 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2009-07-28 15:30:11 ----HDC---- C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
2009-07-28 15:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB905495$
2009-07-28 15:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP8$
2009-07-28 15:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2009-07-28 15:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
2009-07-28 15:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
2009-07-28 15:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2009-07-28 14:55:27 ----D---- C:\WINDOWS\Fichiers d'installation de Windows Update
2009-07-28 14:55:12 ----A---- C:\WINDOWS\Active Setup Log.txt
2009-07-28 14:22:30 ----A---- C:\WINDOWS\system32\esent.dll
2009-07-28 13:56:35 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-07-28 13:56:35 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-07-27 20:43:14 ----A---- C:\WINDOWS\control.ini
2009-07-27 20:41:35 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-07-27 20:40:56 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-07-27 20:40:56 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-07-27 20:40:56 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-07-27 20:40:56 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-07-27 20:40:54 ----A---- C:\WINDOWS\desktop.ini
2009-07-27 20:40:50 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-07-27 20:40:50 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-07-27 20:40:49 ----D---- C:\Program Files\Fichiers communs\Services
2009-07-27 20:40:48 ----A---- C:\WINDOWS\system32\inetres.dll
2009-07-27 20:40:47 ----A---- C:\WINDOWS\system32\isign32.dll
2009-07-27 20:40:47 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-07-27 20:40:47 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-07-27 20:40:47 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-07-27 20:40:39 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-07-27 20:40:33 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-07-27 20:40:32 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-07-27 20:40:32 ----A---- C:\WINDOWS\system32\srclient.dll
2009-07-27 20:40:31 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-07-27 20:40:31 ----A---- C:\WINDOWS\system32\msconf.dll
2009-07-27 20:40:31 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-07-27 20:40:31 ----A---- C:\WINDOWS\system32\ils.dll
2009-07-27 20:40:27 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-07-27 20:40:27 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-07-27 20:40:26 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-07-27 20:40:25 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-07-27 20:40:25 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-07-27 20:40:25 ----A---- C:\WINDOWS\system32\mstask.dll
2009-07-27 20:39:47 ----A---- C:\WINDOWS\vbaddin.ini
2009-07-27 20:39:47 ----A---- C:\WINDOWS\vb.ini
2009-07-27 20:39:02 ----HD---- C:\Program Files\WindowsUpdate
2009-07-27 20:39:02 ----D---- C:\Program Files\Services en ligne
2009-07-27 20:38:58 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-07-27 20:38:58 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-07-27 20:38:56 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-07-27 20:38:56 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-07-27 20:38:55 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-07-27 20:38:55 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-07-27 20:38:55 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-07-27 20:38:55 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-07-27 20:38:54 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-07-27 20:38:54 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-07-27 20:38:54 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-07-27 20:38:54 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-07-27 20:38:53 ----A---- C:\WINDOWS\system32\stclient.dll
2009-07-27 20:38:53 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-07-27 20:38:53 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-07-27 20:38:53 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-07-27 20:38:53 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-07-27 20:38:52 ----A---- C:\WINDOWS\system32\comuid.dll
2009-07-27 20:38:52 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-07-27 20:38:49 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-07-27 20:38:48 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-07-27 20:38:48 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-07-27 20:38:48 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-07-27 20:38:47 ----A---- C:\WINDOWS\system32\spider.exe
2009-07-27 20:38:47 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-07-27 20:38:47 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-07-27 20:38:46 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-07-27 20:38:46 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-07-27 20:38:46 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-07-27 20:38:45 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-07-27 20:38:45 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-07-27 20:38:45 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-07-27 20:38:45 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-07-27 20:38:45 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-07-27 20:38:45 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-07-27 20:38:45 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-07-27 20:38:44 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-07-27 20:38:44 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-07-27 20:38:44 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-07-27 20:38:44 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-07-27 20:38:44 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-07-27 20:38:44 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-07-27 20:38:44 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-07-27 20:38:36 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-07-27 20:34:00 ----A---- C:\WINDOWS\pnplog.txt
2009-07-27 20:31:27 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-07-27 20:29:10 ----A---- C:\WINDOWS\ODBCINST.INI
2009-07-27 20:29:02 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-07-27 20:29:02 ----A---- C:\WINDOWS\system32\irclass.dll
2009-07-27 20:29:01 ----A---- C:\WINDOWS\system32\storprop.dll
2009-07-27 20:28:41 ----RA---- C:\WINDOWS\SETC9.tmp
2009-07-27 20:28:38 ----RA---- C:\WINDOWS\SETBD.tmp
2009-07-09 04:27:54 ----A---- C:\WINDOWS\system32\NMSDVDXU.dll
2009-07-09 04:27:51 ----D---- C:\Documents and Settings\Squale\Application Data\LG Electronics
2009-07-09 04:27:20 ----D---- C:\Program Files\LG Electronics
2009-07-09 04:00:56 ----D---- C:\KU990I
2009-07-09 03:56:13 ----A---- C:\WINDOWS\system32\lgAxconfig.ini
2009-07-09 03:56:13 ----A---- C:\WINDOWS\system32\CommonDL.dll
2009-07-09 03:56:06 ----D---- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
2009-07-07 11:16:42 ----D---- C:\Documents and Settings\Squale\Application Data\dvdcss
2009-07-07 11:16:39 ----D---- C:\Documents and Settings\Squale\Application Data\vlc
2009-07-07 11:15:12 ----D---- C:\Program Files\VideoLAN

======List of files/folders modified in the last 3 months======

2009-09-28 20:02:35 ----RAD---- C:\Program Files
2009-09-28 18:25:34 ----D---- C:\Program Files\Mozilla Firefox
2009-09-28 17:17:31 ----D---- C:\Program Files\World of Warcraft
2009-09-28 17:12:56 ----D---- C:\WINDOWS\system32\ias
2009-09-28 17:12:53 ----A---- C:\WINDOWS\ModemLog_Câble de communication entre deux ordinateurs.txt
2009-09-28 17:12:53 ----A---- C:\WINDOWS\ModemLog_Câble de communication entre deux ordinateurs #2.txt
2009-09-28 17:11:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-28 15:27:18 ----SHD---- C:\System Volume Information
2009-09-28 15:27:18 ----D---- C:\WINDOWS\system32\Restore
2009-09-28 14:42:42 ----D---- C:\WINDOWS\system32\drivers
2009-09-28 14:42:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-28 14:40:40 ----D---- C:\WINDOWS\system
2009-09-28 14:40:39 ----D---- C:\WINDOWS\system32
2009-09-28 14:23:59 ----D---- C:\WINDOWS
2009-09-28 14:20:46 ----A---- C:\WINDOWS\system.ini
2009-09-28 13:25:06 ----D---- C:\Documents and Settings\Squale\Application Data\teamspeak2
2009-09-24 00:30:22 ----HD---- C:\WINDOWS\inf
2009-09-22 17:57:49 ----D---- C:\Documents and Settings\Squale\Application Data\uTorrent
2009-09-20 18:27:36 ----D---- C:\Documents and Settings\Squale\Application Data\Apple Computer
2009-09-20 05:15:25 ----SHD---- C:\WINDOWS\Installer
2009-09-20 05:12:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-20 05:10:44 ----D---- C:\Program Files\iPod
2009-09-20 05:10:38 ----D---- C:\Program Files\Fichiers communs\Apple
2009-09-11 00:00:38 ----D---- C:\Documents and Settings\Squale\Application Data\skypePM
2009-09-10 22:53:15 ----D---- C:\Documents and Settings\Squale\Application Data\Skype
2009-09-09 00:00:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-08 23:56:12 ----D---- C:\WINDOWS\AppPatch
2009-09-08 23:55:58 ----D---- C:\Program Files\Fichiers communs
2009-09-08 23:47:55 ----A---- C:\WINDOWS\imsins.BAK
2009-09-08 23:47:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-08 23:44:53 ----RASH---- C:\boot.ini
2009-09-08 20:00:53 ----RD---- C:\WINDOWS\web
2009-09-02 11:48:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-02 11:46:27 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-02 10:32:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-29 06:00:59 ----RSD---- C:\WINDOWS\assembly
2009-08-29 01:48:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-29 01:47:48 ----D---- C:\WINDOWS\WinSxS
2009-08-29 01:43:48 ----RSD---- C:\WINDOWS\Fonts
2009-08-29 01:43:20 ----D---- C:\WINDOWS\system32\spool
2009-08-28 23:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-28 19:42:52 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-08-27 21:54:40 ----D---- C:\Program Files\Outlook Express
2009-08-13 17:20:43 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-31 20:29:43 ----D---- C:\WINDOWS\system32\wbem
2009-07-30 12:20:02 ----D---- C:\Program Files\Messenger
2009-07-30 11:41:07 ----SD---- C:\WINDOWS\Tasks
2009-07-30 11:26:47 ----D---- C:\WINDOWS\system32\config
2009-07-29 18:25:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-29 12:56:00 ----D---- C:\WINDOWS\security
2009-07-29 12:45:00 ----D---- C:\WINDOWS\system32\Setup
2009-07-29 12:37:28 ----D---- C:\WINDOWS\Help
2009-07-29 12:37:26 ----D---- C:\WINDOWS\ime
2009-07-29 12:34:53 ----D---- C:\Program Files\Movie Maker
2009-07-29 12:34:53 ----D---- C:\Program Files\Internet Explorer
2009-07-29 12:34:52 ----D---- C:\WINDOWS\system32\npp
2009-07-29 12:34:50 ----D---- C:\WINDOWS\msagent
2009-07-29 12:34:48 ----D---- C:\WINDOWS\srchasst
2009-07-29 12:34:48 ----D---- C:\Program Files\NetMeeting
2009-07-29 12:34:46 ----D---- C:\WINDOWS\system32\Com
2009-07-29 12:34:44 ----D---- C:\Program Files\Windows Media Player
2009-07-29 12:34:43 ----D---- C:\Program Files\Windows NT
2009-07-29 12:34:37 ----D---- C:\Program Files\Fichiers communs\System
2009-07-29 12:34:07 ----D---- C:\WINDOWS\system32\oobe
2009-07-29 12:34:05 ----D---- C:\WINDOWS\system32\usmt
2009-07-29 12:31:26 ----RASH---- C:\NTDETECT.COM
2009-07-29 12:25:57 ----D---- C:\WINDOWS\EHome
2009-07-29 05:36:35 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-28 16:23:01 ----D---- C:\WINDOWS\Debug
2009-07-28 16:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-07-28 16:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2009-07-28 16:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2009-07-28 16:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-07-28 16:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-07-28 16:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2009-07-28 16:11:48 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-07-28 16:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-07-28 16:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-07-28 16:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-07-28 16:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2009-07-28 15:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-07-28 15:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-07-28 15:51:12 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-07-28 15:49:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-28 15:46:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-07-28 15:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-07-28 15:29:26 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-07-28 15:27:13 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-07-28 15:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-07-28 15:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-07-28 15:21:18 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-07-28 15:20:23 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-07-28 15:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2009-07-28 15:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-07-28 15:17:17 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2009-07-28 15:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-07-28 15:15:21 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2009-07-28 15:13:38 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-07-28 15:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-07-28 15:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-07-28 15:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-07-28 15:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2009-07-28 15:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2009-07-28 15:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-07-28 15:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-07-28 15:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-07-28 15:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-07-28 15:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-07-28 14:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-07-28 14:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-07-28 14:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-07-28 14:55:30 ----D---- C:\WINDOWS\Cursors
2009-07-28 14:06:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-07-28 14:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2009-07-28 02:51:18 ----D---- C:\WINDOWS\system32\mC02
2009-07-28 02:51:09 ----D---- C:\WINDOWS\system32\jg1
2009-07-27 22:20:53 ----D---- C:\WINDOWS\system32\1036
2009-07-27 22:20:48 ----D---- C:\WINDOWS\Media
2009-07-27 22:20:42 ----D---- C:\WINDOWS\twain_32
2009-07-27 22:20:20 ----D---- C:\WINDOWS\system32\icsxml
2009-07-27 22:19:33 ----D---- C:\WINDOWS\system32\1033
2009-07-27 22:18:05 ----D---- C:\WINDOWS\Driver Cache
2009-07-27 20:53:13 ----D---- C:\WINDOWS\Registration
2009-07-27 20:43:13 ----A---- C:\WINDOWS\win.ini
2009-07-27 20:43:04 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-27 20:41:27 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-07-27 20:28:46 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-07-18 18:03:49 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-07-18 18:03:49 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-17 21:03:33 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-14 13:03:14 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 41856]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-11-05 5632]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-24 12032]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-04-24 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2003-04-24 55936]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-10-29 3341824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-24 12288]
R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-04-08 29696]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-04-08 282880]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-24 5888]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
S3 catchme;catchme; \??\C:\DOCUME~1\Squale\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dump_wmimmc;dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []
S3 fbxusb;FreeBox USB Network Adapter; C:\WINDOWS\System32\DRIVERS\fbxusb.sys [2003-12-31 18848]
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 ldiskl;ldiskl; \??\C:\DOCUME~1\Squale\LOCALS~1\Temp\ldiskl.sys []
S3 mod7700;Cinergy T USB XXS service; C:\WINDOWS\system32\DRIVERS\dvb7700all.sys [2007-11-16 449408]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 ovt530;Webcam Deluxe; C:\WINDOWS\System32\Drivers\ov530vid.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\system32\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-29 585728]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-23 152984]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

Log.txt

info.txt logfile of random's system information tool 1.06 2009-09-28 20:03:40

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Curse Client-->C:\Program Files\World of Warcraft\Interface\AddOns\Curse\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
LG USB Modem Driver-->"C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -runfromtemp -l0x040cLG -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Audio Driver-->C:\WINDOWS\system32\nvuAudio.exe Uninstall C:\WINDOWS\system32\NvAudio.nvu,NVIDIA Audio Driver
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======System event log======

Computer Name: MARCHEAPC
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 000C76619C57. Il s'est produit l'erreur suivante : L'opération a été annulée par l'utilisateur. . Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).
Record Number: 8743
Source Name: Dhcp
Time Written: 20090908234200.000000+120
Event Type: Avertissement
User:

Computer Name: MARCHEAPC
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{0FAE8D71-831E-4CEA-88E8-7ADE53145C27} était connectée au réseau, et a lancé une opération normale sur la carte réseau.
Record Number: 8742
Source Name: Tcpip
Time Written: 20090908234200.000000+120
Event Type: Informations
User:

Computer Name: MARCHEAPC
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{0FAE8D71-831E-4CEA-88E8-7ADE53145C27} était connectée au réseau, et a lancé une opération normale sur la carte réseau.
Record Number: 8741
Source Name: Tcpip
Time Written: 20090908234145.000000+120
Event Type: Informations
User:

Computer Name: MARCHEAPC
Event Code: 7034
Message: Le service Java Quick Starter s'est terminé de façon inattendue pour la 1ème fois.
Record Number: 8740
Source Name: Service Control Manager
Time Written: 20090908234133.000000+120
Event Type: erreur
User:

Computer Name: MARCHEAPC
Event Code: 7036
Message: Le service Planificateur de tâches est entré dans l'état : arrêté.
Record Number: 8739
Source Name: Service Control Manager
Time Written: 20090908234117.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: MARCHEAPC
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 1013
Source Name: .NET Runtime Optimization Service
Time Written: 20081118202421.000000+060
Event Type:
User:

Computer Name: MARCHEAPC
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 1012
Source Name: .NET Runtime Optimization Service
Time Written: 20081118202420.000000+060
Event Type: Informations
User:

Computer Name: MARCHEAPC
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 1011
Source Name: .NET Runtime Optimization Service
Time Written: 20081118202420.000000+060
Event Type:
User:

Computer Name: MARCHEAPC
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 1010
Source Name: .NET Runtime Optimization Service Time Written: 20081118202418.000000+060 Event Type: Informations User: Computer Name: MARCHEAPC Event Code: 1102 Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Record Number: 1009 Source Name: .NET Runtime Optimization Service Time Written: 20081118202418.000000+060 Event Type: User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=1 "OS"=Windows_NT "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Fichiers communs\DivX Shared;C:\Program Files\QuickTime\QTSystem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=0a00 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "VeriSign"=C:\Program Files\VeriSign "VeriSignTemp"=C:\Program Files\VeriSign\Temp "VRSN"=C:\Program Files\VeriSign "VRSNTemp"=C:\Program Files\VeriSign\Temp "windir"=%SystemRoot% "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- et voici l autre merci encore du temps que tu me consacre pear!
  8. Thanks for your help, Pear, I'll test it!
  9. Fixdownadup told me it did not find downadup.
  10. I'll test all that! Thanking you in advance!
  11. Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2421
Windows 5.1.2600 Service Pack 3

28/09/2009 14:40:40
mbam-log-2009-09-28 (14-40-40).txt

Type de recherche: Examen rapide
Eléments examinés: 82996
Temps écoulé: 5 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.98,85.255.112.137 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.98,85.255.112.137 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0fae8d71-831e-4cea-88e8-7ade53145c27}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.98,85.255.112.137 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.98,85.255.112.137 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0fae8d71-831e-4cea-88e8-7ade53145c27}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.98,85.255.112.137 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{0fae8d71-831e-4cea-88e8-7ade53145c27}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.98,85.255.112.137 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\documents and settings\Squale\application data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\Squale\application data\winantivirus pro 2006\Logs (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\DAP\LOG (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\DAP\NTLOG (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\DAP (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\system\DRIVER\New Text Document (5).txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\servicelogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\svchostlogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\win32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\win32.dll~ (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Squale\application data\winantivirus pro 2006\Logs\update.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\cygwin1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\Copy (12) of tt.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\Copy (2) of 2.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\cygcrypt-0.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\servicesmgr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\Driver32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system\DRIVER\winlogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.

And the Malwarebytes Anti-Malware report.
  12. ComboFix 09-09-08.02 - Squale 28/09/2009 14:19.3.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1279.875 [GMT 2:00]
Lancé depuis: c:\documents and settings\Squale\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090802-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- Mode FONCTIONNALITES REDUITES -
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Vista Scheduler.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-28 ))))))))))))))))))))))))))))))))))))
.
2009-09-20 03:10 . 2009-09-20 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 03:10 . 2009-09-20 03:12 -------- d-----w- c:\program files\iTunes
2009-09-20 03:03 . 2009-09-20 03:04 -------- d-----w- c:\program files\QuickTime
2009-09-08 20:48 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 12:54 . 2009-09-08 12:55 -------- d-----w- c:\documents and settings\Squale\Application Data\Gmail
2009-09-05 08:58 . 2009-09-27 22:17 -------- d-----w- c:\documents and settings\Squale\Local Settings\Application Data\CurseClient
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 11:25 . 2005-04-10 05:43 -------- d-----w- c:\documents and settings\Squale\Application Data\teamspeak2
2009-09-26 03:11 . 2009-01-29 19:09 -------- d-----w- c:\program files\World of Warcraft
2009-09-22 18:58 . 2009-07-07 09:16 -------- d-----w- c:\documents and settings\Squale\Application Data\vlc
2009-09-22 15:57 . 2009-01-26 16:00 -------- d-----w- c:\documents and settings\Squale\Application Data\uTorrent
2009-09-20 16:27 . 2005-08-23 09:25 -------- d-----w- c:\documents and settings\Squale\Application Data\Apple Computer
2009-09-20 03:10 . 2008-10-05 19:50 -------- d-----w- c:\program files\iPod
2009-09-20 03:10 . 2008-10-01 18:21 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-09-10 22:00 . 2009-06-11 16:36 -------- d-----w- c:\documents and settings\Squale\Application Data\skypePM
2009-09-10 20:53 . 2006-06-19 18:01 -------- d-----w- c:\documents and settings\Squale\Application Data\Skype
2009-09-09 10:08 . 2009-07-07 09:16 -------- d-----w- c:\documents and settings\Squale\Application Data\dvdcss
2009-09-08 12:59 . 2009-07-28 18:01 4958032 ----a-w- c:\documents and settings\Squale\Application Data\pdinstall.exe
2009-09-02 09:46 . 2009-07-09 02:27 -------- d-----w- c:\program files\LG Electronics
2009-09-02 09:46 . 2004-11-18 22:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 09:45 . 2009-07-09 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2009-08-29 00:29 . 2004-11-18 21:32 38576 ----a-w- c:\documents and settings\Squale\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-28 23:48 . 2003-04-24 12:00 84526 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-28 23:48 . 2003-04-24 12:00 510324 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-28 23:43 . 2009-08-28 23:43 -------- d-----w- c:\program files\MSBuild
2009-08-28 23:43 . 2009-08-28 23:43 -------- d-----w- c:\program files\Reference Assemblies
2009-08-28 17:42 . 2009-03-18 08:48 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 17:42 . 2008-10-08 11:16 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 16:16 . 2009-08-28 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-05 09:00 . 2003-04-24 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 09:24 . 2009-07-29 09:24 321566 ----a-w- c:\windows\system32\wininet.zip
2009-07-27 18:40 . 2004-11-17 21:43 22728 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-17 19:03 . 2003-04-24 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-10 23:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 11:36 . 2009-07-29 12:58 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-07-29 12:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2005-01-16 16:19 . 2005-04-13 11:35 4608 --sha-r- c:\windows\system\DRIVER\cygcrypt-0.dll
2005-01-16 16:19 . 2005-04-13 11:35 1140617 --sha-r- c:\windows\system\DRIVER\cygwin1.dll
2005-01-28 10:30 . 2005-04-13 11:35 1478 --sha-r- c:\windows\system\DRIVER\servicelogon.dll
2005-04-13 11:35 . 2005-04-13 11:35 1877 --sha-r- c:\windows\system\DRIVER\servicesmgr.dll
2005-01-28 10:30 . 2005-04-13 11:35 1477 --sh--r- c:\windows\system\DRIVER\svchostlogon.dll
2005-04-13 11:35 . 2005-04-13 11:35 1575 --sha-r- c:\windows\system\DRIVER\winlogon.dll
2005-01-27 22:11 . 2005-01-27 22:11 56 --sh--r- c:\windows\system32\05A15D8C63.sys
2006-05-03 09:06 . 2008-10-14 21:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-10-14 21:54 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-10-14 21:54 216064 --sh--r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-08-19 23:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\mspmsnsv.dll
[-] 2004-08-10 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-09-08_21.59.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-02 15:42 . 2009-08-28 08:36 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-10-02 15:42 . 2009-09-27 09:55 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-09-20 02:57 . 2009-08-28 17:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
+ 2009-09-20 03:13 . 2009-05-18 12:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2008-01-29 10:01 . 2009-05-18 12:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 10:02 . 2008-04-17 11:12 107368 c:\windows\system32\GEARAspi.dll
- 2008-01-29 10:02 . 2008-04-17 10:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-09-20 03:13 . 2008-04-17 11:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2009-09-20 03:01 . 2009-09-20 03:01 694272 c:\windows\Installer\1add76a.msi
+ 2009-09-20 03:14 . 2009-09-20 03:14 102400 c:\windows\Installer\{EC2A8F27-4FBF-4E41-B27B-FE822511B761}\iTunesIco.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-09-20 02:57 . 2009-08-28 17:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2009-09-20 03:14 . 2009-09-20 03:14 4597248 c:\windows\Installer\1addd8a.msi
+ 2009-09-20 03:05 . 2009-09-20 03:05 1679872 c:\windows\Installer\1adda42.msi
+ 2009-09-20 03:04 . 2009-09-20 03:04 9013760 c:\windows\Installer\1add9f5.msi
+ 2009-09-20 02:58 . 2009-09-20 02:58 3310592 c:\windows\Installer\1add762.msi
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"CurseClient"="c:\program files\World of Warcraft\Interface\AddOns\Curse\CurseClient.exe" [2009-06-08 1934336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"sunjavaupdatesched"="c:\program files\java\jre6\bin\jusched.exe" [2008-11-23 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"realtekc"="c:\documents and settings\Squale\Application Data\Gmail\rygwz7313434.exe" [2009-09-08 130048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\World of Warcraft\\Interface\\AddOns\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/07/2009 20:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/07/2009 20:56 20560]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [?]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 12:35 18848]
S3 ldiskl;ldiskl;\??\c:\docume~1\Squale\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\Squale\LOCALS~1\Temp\ldiskl.sys [?]
S3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys --> c:\windows\system32\Drivers\ov530vid.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2009-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Squale\Application Data\Mozilla\Firefox\Profiles\6v1xmfdc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/r/hf
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 14:20
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
sunjavaupdatesched = "c:\program files\java\jre6\bin\jusched.exe"

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-746137067-57989841-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-746137067-57989841-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:70,05,5d,ce,35,e4,83,ae,14,6b,06,17,98,07,4c,23,11,0f,3d,56,4d,81,7b,
93,fd,eb,7d,4f,23,ba,78,16,43,b3,06,ff,be,6b,77,1d,8a,c0,57,39,38,f9,55,5d,\
"??"=hex:dc,b4,33,50,1d,78,93,6c,5a,54,84,48,f5,33,17,45

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fe,04,7e,5e,39,a0,d0,b6,6f,4b,62,c0,24,78,4b,13,2d,b9,28,c0,2c,
56,c3,fc,cc,e7,b4,ce,3a,08,52,5b,10,52,3d,3d,48,05,57,98,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{78522c3f-90da-4a90-b89c-64da8db98ba7}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001f
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ab,9e,50,1b,eb,77,d1,ab,b5,66,4a,d0,23,02,d0,61,d1,48,b3,70,7f,ce,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-09-28 14:23
ComboFix-quarantined-files.txt 2009-09-28 12:22
ComboFix2.txt 2009-09-08 22:04
ComboFix3.txt 2009-07-30 09:41

Avant-CF: 20 387 266 560 octets libres
Après-CF: 20 366 610 432 octets libres

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
203 --- E O F --- 2009-09-08 21:49

Here is the ComboFix report.
  13. Here goes. Hello, Alex, 19 years old. I have gone through many topics and many forums trying to get rid of this bug, which is far from having targeted only me. I removed it once, more or less manually let's say, with the help of ComboFix and a friend, except that now he is back in black. I know absolutely nothing about computers, and if you could save my computer it would really help me; after reading quite a few topics, it seems there are magicians here! win32.conflicker.c, the Mozilla home page asking me whether I want to continue unprotected and offering to download an antivirus, and a message popping up every 10 minutes imitating the Windows firewall, explaining the presence of this pest. There you go, save me please.