

FURIOUS BOB
Members
Content count
23
Joined
Last visited
FURIOUS BOB's Achievements

Member (4/12)
0
Community reputation
Need help - PC going haywire
FURIOUS BOB replied to a topic by FURIOUS BOB in Malware analysis and removal
Need help, please!!
Need help - PC going haywire
FURIOUS BOB posted a topic in Malware analysis and removal
Hello everyone, my PC is probably infected by I don't quite know what: the Google Chrome browser is blocked, only Internet Explorer almost works, but with no icons, no images at all, links out of place... Just before the malfunctions got worse I removed the "OfferBox browser" (navigateur offerbox), a malicious program that I had some trouble getting rid of... I suspect it is the source of the problem, but without certainty; since then I've been struggling badly. The PC runs Windows 7, with McAfee bought recently. I scanned it with my antivirus, MBAM, CCleaner, F-Secure online... in short: is there a kind soul who could help me eliminate the malicious thing sabotaging my computer? Thanks in advance,
Infection Antivirus Pro2010
FURIOUS BOB replied to a topic by FURIOUS BOB in Malware analysis and removal
Hi oGu, I have the internal hard drive partitioned in 4; I don't have an external one. There are 28.6 GB free on the data drive, 20 GB on the backup and 2.8 GB on the recovery. For the RegFIX part of the procedure, which software do I do it with??? I have already run the first two. Cheers,
Thanks for your help and your expertise!!
The armed struggle against digital vermin continues,
aligatou gozaimasu
oGu-san
Infection Antivirus Pro2010
FURIOUS BOB replied to a topic by FURIOUS BOB in Malware analysis and removal
I got rid of Spybot; I trust your experience and am keeping MBAM! I'm struggling a bit, actually: the PC is faster and works fine 95% of the time, but it crashes from time to time, on the Control Panel for example! Yesterday a freeze, then a blue screen with MACHINE_CHSAISPAKOI_EXCEPTION, dump of physical memory (at the very bottom), forced restart with the on/off button (sorry, it's not very clear, but I didn't really observe the thing). In short, panic: if it isn't a malicious program, I wonder whether a component in the tower is giving up the ghost.... Here is the RSIT report. Cheers
Logfile of random's system information tool 1.06 (written by random/random) Run by DELAPAMPA at 2009-11-25 18:48:15 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 24 GB (25%) free of 94 GB Total RAM: 1023 MB (47% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:48:25, on 25/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\Dit.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program 
Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\DELAPAMPA\Mes documents\Downloads\RSIT (1).exe C:\Program Files\Trend Micro\HijackThis\DELAPAMPA.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop.free.fr R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {72ED067B-303D-48A2-8211-AFD8D98BE44A} - (no file) O2 - BHO: (no name) - 
{7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: (no name) - {CAE07211-9B79-4392-B6D6-59C7800ECD9F} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program 
Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk.disabled O4 - Global Startup: Assistant d'Acrobat.lnk.disabled O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206711224812 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207653252687 O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://C:\Program Files\MDT6\AcDcToday.ocx O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://C:\Program Files\MDT6\InstBanr.ocx O16 - DPF: 
{C6637286-300D-11D4-AE0A-0010830243BD} - file://C:\Program Files\MDT6\InstFred.ocx O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://C:\Program Files\MDT6\AcPreview.ocx O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 11247 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\MP Scheduled Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72ED067B-303D-48A2-8211-AFD8D98BE44A}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAE07211-9B79-4392-B6D6-59C7800ECD9F}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-11-24 344064] "Dit"=C:\WINDOWS\Dit.exe [2004-07-20 90112] "CHotkey"=C:\WINDOWS\mHotkey.exe [2004-02-24 508416] "ledpointer"=C:\WINDOWS\CNYHKey.exe [2004-02-03 5794816] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209] "PCMService"=C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [2004-11-09 81920] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584] "SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592] "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 849280] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248] "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632] "PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528] "BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-12 663552] "ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536] "ASUS Camera ScreenSaver"=C:\WINDOWS\ASScrProlog.exe [2008-10-31 37232] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] 
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Adobe Gamma Loader.lnk.disabled - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe Assistant d'Acrobat.lnk.disabled - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe BTTray.lnk - C:\Program Files\MSI\Bluetooth Software\BTTray.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2004-11-24 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "legalnoticecaption"= "legalnoticetext"= [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Pando 
Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======File associations====== .scr - open - C:\WINDOWS\NOTEPAD.EXE "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2009-11-19 16:55:37 ----D---- C:\Program Files\Avira 2009-11-19 16:55:37 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-11-13 13:04:19 ----D---- C:\WINDOWS\temp 2009-11-13 13:04:17 ----A---- C:\ComboFix.txt 2009-11-13 12:48:29 ----D---- C:\ComboFix 2009-11-12 11:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$ 2009-11-11 11:01:16 ----A---- C:\WINDOWS\zip.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\SWSC.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\SWREG.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\sed.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\PEV.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\NIRCMD.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\MBR.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\grep.exe 2009-10-29 20:49:09 ----A---- C:\Boot.bak 2009-10-29 20:49:01 ----RASHD---- C:\cmdcons 
2009-10-26 20:02:12 ----D---- C:\rsit 2009-10-26 13:50:03 ----D---- C:\Program Files\Trend Micro ======List of files/folders modified in the last 1 months====== 2009-11-25 18:48:24 ----D---- C:\WINDOWS\Prefetch 2009-11-25 18:48:08 ----D---- C:\Documents and Settings\DELAPAMPA\Application Data\uTorrent 2009-11-25 18:48:04 ----A---- C:\WINDOWS\NeroDigital.ini 2009-11-25 08:54:03 ----D---- C:\WINDOWS\system32 2009-11-25 08:54:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-11-25 08:53:24 ----SD---- C:\WINDOWS\Tasks 2009-11-25 08:50:34 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-25 08:50:09 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt 2009-11-25 08:49:38 ----D---- C:\WINDOWS\Minidump 2009-11-25 08:49:33 ----D---- C:\WINDOWS 2009-11-21 11:52:03 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-19 16:56:10 ----HD---- C:\WINDOWS\inf 2009-11-19 16:56:10 ----D---- C:\WINDOWS\system32\drivers 2009-11-19 16:55:37 ----RAD---- C:\Program Files 2009-11-19 08:22:26 ----SHD---- C:\WINDOWS\Installer 2009-11-19 08:22:26 ----D---- C:\Config.Msi 2009-11-19 08:22:24 ----D---- C:\WINDOWS\WinSxS 2009-11-19 08:22:22 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-11-14 15:06:00 ----D---- C:\Program Files\Mozilla Firefox 2009-11-13 13:04:20 ----D---- C:\QooBox 2009-11-13 12:57:06 ----A---- C:\WINDOWS\system.ini 2009-11-13 12:54:01 ----D---- C:\WINDOWS\AppPatch 2009-11-13 12:53:59 ----D---- C:\Program Files\Fichiers communs 2009-11-13 12:45:11 ----SHD---- C:\System Volume Information 2009-11-13 12:45:11 ----D---- C:\WINDOWS\system32\Restore 2009-11-12 11:23:40 ----A---- C:\WINDOWS\win.ini 2009-11-12 11:21:16 ----D---- C:\WINDOWS\Debug 2009-11-12 11:20:11 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-11-11 11:42:35 ----HD---- C:\WINDOWS\$hf_mig$ 2009-11-11 11:07:42 ----D---- C:\WINDOWS\system32\config 2009-11-11 11:07:32 ----D---- C:\WINDOWS\erdnt 2009-11-11 11:07:12 ----D---- C:\Program Files\Google 2009-11-11 10:02:54 ----D---- C:\Documents and Settings\All 
Users\Application Data\Spybot - Search & Destroy 2009-11-09 19:51:50 ----D---- C:\Documents and Settings\DELAPAMPA\Application Data\Lavasoft 2009-11-09 19:51:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe 2009-11-02 20:42:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe 2009-11-02 19:50:58 ----D---- C:\RECYCLER 2009-10-31 14:05:22 ----D---- C:\WINDOWS\system32\wbem 2009-10-30 08:14:13 ----D---- C:\Program Files\TF1Vision 2009-10-29 21:14:27 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-10-29 20:53:46 ----RSD---- C:\WINDOWS\Fonts 2009-10-29 20:49:09 ----RASH---- C:\boot.ini 2009-10-26 13:51:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-11-24 28520] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-24 55656] R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 945152] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-11-24 872960] R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-03 105984] R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-03-31 16640] R3 BTDriver;Bluetooth Virtual 
Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-03-31 30235] R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2004-03-31 146684] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-12-17 804800] R3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver; C:\WINDOWS\system32\DRIVERS\FA31XND5.SYS [2002-05-15 16007] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288] R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-03 13824] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-20 33280] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-20 12928] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368] R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760] R3 PRISM_A00;CREATIX 802.11g Driver; C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888] R3 UKBFLT;UKBFLT; C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; 
C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-03-31 52856]
S3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR; C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 16074]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2000-11-07 17490]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2000-11-07 45965]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMDUSB.sys [2001-12-11 37087]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem; C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X10UIF;%DESCRIPTION%; C:\WINDOWS\System32\Drivers\x10uif.sys [2001-11-14 10761]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-07-08 103936]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-07-08 103936]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-07-08 103936]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-24 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-24 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-11-24 425984]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe [2004-03-31 135168]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S2 qgehicwx;USB Serial Converter Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-05-19 68096]
S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-22 61440]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 65536]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 1527893]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-14 1836544]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2002-03-13 65536]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Infection Antivirus Pro2010
FURIOUS BOB replied to FURIOUS BOB's topic in Malware analysis and removal
Hi, yes I did it, but how do I proceed? By the way, what should I replace Spybot with, in your opinion?
Infection Antivirus Pro2010
FURIOUS BOB replied to FURIOUS BOB's topic in Malware analysis and removal
Hi! Here it is:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tkrhoghe]

Thanks for the information. So I need to invest in a new external disk before making the ghost.
Infection Antivirus Pro2010
FURIOUS BOB replied to FURIOUS BOB's topic in Malware analysis and removal
Hi oGu, here is the report. Thanks, you're a champ, my computer is far less sluggish now! I still have two questions, purely technical this time: 1/ Do you know how to go about making a ghost CD? 2/ With Spybot + AntiVir, should I add anything else to secure my PC as well as possible?

ComboFix 09-11-13.04 - DELAPAMPA 13/11/2009 12:49.11.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.428 [GMT 1:00]
Run from: c:\documents and settings\DELAPAMPA\Bureau\ComboFix.exe
Switches used :: c:\documents and settings\DELAPAMPA\Bureau\CFScript (3).txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: BullGuard 5.0 antivirus *On-access scanning disabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard 5.0 firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

FILE ::
"c:\program files\google\googletoolbar1.dll"
"c:\windows\TEMP\TMP0000001F96B43AD95BD351D8"
.
((((((((((((((((((((((((((((( Files created from 2009-10-13 to 2009-11-13 ))))))))))))))))))))))))))))))))))))
.
2009-11-09 18:57 . 2009-11-09 18:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-09 18:55 . 2008-10-30 09:21 75072 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-09 18:55 . 2008-05-09 11:15 45376 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-09 18:55 . 2008-01-21 16:11 22336 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-09 18:55 . 2009-11-09 18:55 -------- d-----w- c:\program files\Avira
2009-11-09 18:55 . 2009-11-09 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-26 19:02 . 2009-10-26 19:02 -------- d-----w- C:\rsit
2009-10-26 12:50 . 2009-10-26 12:50 -------- d-----w- c:\program files\Trend Micro
2009-10-16 15:51 . 2009-10-06 11:40 545280 ----a-w- c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-10-16 15:51 . 2009-10-06 11:40 344064 ----a-w- c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-10-16 15:51 . 2009-10-06 11:40 153600 ----a-w- c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-10-16 15:51 . 2009-10-06 11:40 103424 ----a-w- c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-10-16 15:51 . 2009-10-06 11:40 4716544 ----a-w- c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\components\cooliris.dll
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 11:47 . 2005-03-07 18:27 84702 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-13 11:47 . 2005-03-07 18:27 510144 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-13 11:43 . 2005-03-08 14:26 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2009-11-12 23:24 . 2007-09-02 20:02 -------- d-----w- c:\documents and settings\DELAPAMPA\Application Data\uTorrent
2009-11-11 10:07 . 2005-10-17 17:07 -------- d-----w- c:\program files\Google
2009-11-11 09:02 . 2006-03-05 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-09 18:51 . 2006-05-05 19:18 -------- d-----w- c:\documents and settings\DELAPAMPA\Application Data\Lavasoft
2009-11-02 19:42 . 2009-10-03 12:47 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 07:14 . 2007-09-02 21:01 -------- d-----w- c:\program files\TF1Vision
2009-10-29 20:14 . 2006-03-05 16:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-26 12:51 . 2008-10-09 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 14:18 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2008-10-09 17:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2008-10-09 17:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:04 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2004-08-05 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2004-08-05 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 02:28 . 2005-05-19 18:04 99152 ----a-w- c:\documents and settings\DELAPAMPA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 13:09 . 2009-08-20 13:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2007-11-14 11:57 . 2007-11-14 11:57 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-29_19.56.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-03-07 18:27 . 2009-10-26 19:03 71320 c:\windows\system32\perfc009.dat
+ 2005-03-07 18:27 . 2009-11-13 11:47 71320 c:\windows\system32\perfc009.dat
+ 2008-01-24 11:46 . 2007-11-08 17:03 21248 c:\windows\system32\drivers\ssmdrv.sys
- 2009-10-20 00:45 . 2009-10-20 00:45 38240 c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-11-12 10:22 . 2009-11-12 10:22 38240 c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 23040 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 23040 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 61440 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 61440 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 27136 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 27136 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 11264 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 11264 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 86016 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 86016 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 12288 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 12288 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 4096 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 4096 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-03-07 18:27 . 2009-10-26 19:03 440654 c:\windows\system32\perfh009.dat
+ 2005-03-07 18:27 . 2009-11-13 11:47 440654 c:\windows\system32\perfh009.dat
+ 2005-03-07 11:33 . 2009-11-12 10:35 355360 c:\windows\system32\FNTCACHE.DAT
- 2005-03-07 11:33 . 2009-08-23 02:28 355360 c:\windows\system32\FNTCACHE.DAT
+ 2005-09-10 18:00 . 2009-11-12 10:23 409600 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 409600 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 286720 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 286720 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 249856 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 249856 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 794624 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 794624 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 135168 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 135168 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-09-10 18:00 . 2009-11-12 10:23 593920 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2005-09-10 18:00 . 2009-10-14 20:27 593920 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-11-04 19:37 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-04 19:37 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2004-08-05 12:00 . 2009-08-14 15:13 1850752 c:\windows\system32\win32k.sys
+ 2004-08-05 12:00 . 2009-10-22 09:17 5939712 c:\windows\system32\mshtml.dll
+ 2008-10-15 06:48 . 2009-08-14 15:13 1850752 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-05 12:00 . 2009-10-22 09:17 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-10-22 11:46 . 2009-10-22 11:46 6821888 c:\windows\Installer\5311697.msp
+ 2009-08-18 11:58 . 2009-08-18 11:58 8301056 c:\windows\Installer\531167f.msp
+ 2009-10-06 17:40 . 2009-10-06 17:40 7681024 c:\windows\Installer\5311674.msp
+ 2009-10-22 11:28 . 2009-10-22 11:28 5521408 c:\windows\Installer\531165c.msp
+ 2009-11-04 19:37 . 2009-08-29 07:56 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
+ 2005-05-22 12:03 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 344064]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2004-11-09 81920]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-10-31 37232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2004-07-20 90112]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2004-02-24 508416]
"ledpointer"="CNYHKey.exe" - c:\windows\CNYHKey.exe [2004-02-03 5794816]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-05 44544]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk.disabled [2005-5-19 1958]
Assistant d'Acrobat.lnk.disabled [2005-5-19 1862]
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tkrhoghe]
[bU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57245:TCP"= 57245:TCP:Pando P2P TCP Listening Port
"57245:UDP"= 57245:UDP:Pando P2P UDP Listening Port

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [07/03/2005 10:52 945152]
R3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\FA31XND5.SYS [18/11/2005 21:17 16007]
R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [08/03/2005 16:59 380736]
R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [08/03/2005 15:30 11672]
S2 qgehicwx;USB Serial Converter Helper;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 13:00 14336]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [08/03/2005 15:26 17408]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [16/02/2006 21:22 31547]

--- Other Services/Drivers in memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://home.neuf.fr/
uInternet Settings,ProxyServer = pop.free.fr
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFAlert.dll
FF - component: c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava12.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJPI141_01.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{72ED067B-303D-48A2-8211-AFD8D98BE44A} - (no file)
BHO-{CAE07211-9B79-4392-B6D6-59C7800ECD9F} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 12:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3800)
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\HKCYDLL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\MSI\Bluetooth Software\bin\btwdins.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-13 13:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-13 12:04
ComboFix2.txt 2009-11-11 10:14
ComboFix3.txt 2009-11-04 18:12
ComboFix4.txt 2009-11-04 11:55
ComboFix5.txt 2009-11-13 11:48

Pre-Run: 30 275 923 968 bytes free
Post-Run: 30 237 085 696 bytes free

- - End Of File - - 128176A5A380A17609A5E32092B67DA5
Infection Antivirus Pro2010
FURIOUS BOB replied to FURIOUS BOB's topic in Malware analysis and removal
Logfile of random's system information tool 1.06 (written by random/random)
Run by DELAPAMPA at 2009-11-11 12:30:12
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 30 GB (32%) free of 94 GB
Total RAM: 1023 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:27, on 11/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\DELAPAMPA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DELAPAMPA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DELAPAMPA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DELAPAMPA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\DELAPAMPA\Mes documents\Downloads\RSIT (2).exe
C:\Program Files\Trend Micro\HijackThis\DELAPAMPA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop.free.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Assistant d'Acrobat.lnk.disabled
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206711224812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207653252687
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF:
{C6637286-300D-11D4-AE0A-0010830243BD} - file://C:\Program Files\MDT6\InstFred.ocx O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://C:\Program Files\MDT6\AcPreview.ocx O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. 
- C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 11592 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\MP Scheduled Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - 
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-11-24 344064] "Dit"=C:\WINDOWS\Dit.exe [2004-07-20 90112] "CHotkey"=C:\WINDOWS\mHotkey.exe [2004-02-24 508416] "ledpointer"=C:\WINDOWS\CNYHKey.exe [2004-02-03 5794816] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209] "PCMService"=C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [2004-11-09 81920] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584] "SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592] "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 849280] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248] "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632] "PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528] "BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-12 663552] "ControlCenter3"=C:\Program 
Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536] "ASUS Camera ScreenSaver"=C:\WINDOWS\ASScrProlog.exe [2008-10-31 37232] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Adobe Gamma Loader.lnk.disabled - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe Assistant d'Acrobat.lnk.disabled - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe BTTray.lnk - C:\Program Files\MSI\Bluetooth Software\BTTray.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2004-11-24 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "legalnoticecaption"= "legalnoticetext"= [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application" 
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======File associations====== .scr - open - C:\WINDOWS\NOTEPAD.EXE "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2009-11-11 11:42:34 ----D---- C:\WINDOWS\LastGood 2009-11-11 11:14:43 ----D---- C:\WINDOWS\temp 2009-11-11 11:14:41 ----A---- C:\ComboFix.txt 2009-11-11 11:01:16 ----A---- C:\WINDOWS\zip.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\SWSC.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\SWREG.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\sed.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\PEV.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\NIRCMD.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\MBR.exe 2009-11-11 11:01:16 ----A---- C:\WINDOWS\grep.exe 2009-11-09 19:55:28 ----D---- C:\Program Files\Avira 2009-11-09 19:55:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-10-29 20:49:09 ----A---- C:\Boot.bak 2009-10-29 20:49:01 ----RASHD---- C:\cmdcons 2009-10-26 20:02:12 ----D---- C:\rsit 2009-10-26 13:50:03 ----D---- C:\Program Files\Trend Micro ======List of files/folders modified in the last 1 months====== 
2009-11-11 12:30:20 ----D---- C:\WINDOWS\Prefetch 2009-11-11 11:46:46 ----HD---- C:\WINDOWS\inf 2009-11-11 11:42:35 ----HD---- C:\WINDOWS\$hf_mig$ 2009-11-11 11:42:34 ----D---- C:\WINDOWS 2009-11-11 11:26:15 ----D---- C:\WINDOWS\system32 2009-11-11 11:26:14 ----D---- C:\Program Files\Mozilla Firefox 2009-11-11 11:14:44 ----D---- C:\WINDOWS\system32\drivers 2009-11-11 11:14:06 ----D---- C:\QooBox 2009-11-11 11:13:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-11-11 11:12:33 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-11 11:12:26 ----SD---- C:\WINDOWS\Tasks 2009-11-11 11:09:39 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt 2009-11-11 11:09:36 ----A---- C:\WINDOWS\system.ini 2009-11-11 11:07:42 ----D---- C:\WINDOWS\system32\config 2009-11-11 11:07:32 ----D---- C:\WINDOWS\erdnt 2009-11-11 11:07:14 ----RAD---- C:\Program Files 2009-11-11 11:07:12 ----D---- C:\Program Files\Google 2009-11-11 11:06:07 ----D---- C:\WINDOWS\AppPatch 2009-11-11 11:06:01 ----D---- C:\Program Files\Fichiers communs 2009-11-11 11:01:26 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-11 10:02:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-09 19:51:50 ----D---- C:\Documents and Settings\DELAPAMPA\Application Data\Lavasoft 2009-11-09 19:51:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-11-04 20:37:54 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-11-04 12:41:53 ----A---- C:\WINDOWS\NeroDigital.ini 2009-11-04 12:33:26 ----D---- C:\Documents and Settings\DELAPAMPA\Application Data\uTorrent 2009-11-02 20:42:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe 2009-11-02 19:50:58 ----D---- C:\RECYCLER 2009-10-31 14:05:22 ----D---- C:\WINDOWS\system32\wbem 2009-10-30 08:14:13 ----D---- C:\Program Files\TF1Vision 2009-10-29 21:14:27 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-10-29 20:53:46 ----RSD---- C:\WINDOWS\Fonts 2009-10-29 20:49:09 ----RASH---- C:\boot.ini 2009-10-26 13:51:43 ----D---- 
C:\Program Files\Malwarebytes' Anti-Malware 2009-10-22 10:17:28 ----N---- C:\WINDOWS\system32\mshtml.dll 2009-10-20 01:45:42 ----SHD---- C:\WINDOWS\Installer 2009-10-20 01:45:42 ----D---- C:\Config.Msi 2009-10-15 11:35:35 ----D---- C:\WINDOWS\Microsoft.NET 2009-10-15 11:35:33 ----RSD---- C:\WINDOWS\assembly 2009-10-15 11:27:20 ----D---- C:\WINDOWS\Debug 2009-10-14 21:30:50 ----D---- C:\WINDOWS\WinSxS 2009-10-14 21:28:11 ----D---- C:\Program Files\Internet Explorer 2009-10-14 21:22:44 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032] R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 945152] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-11-24 872960] R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-03 105984] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-03-31 16640] R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-03-31 30235] R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2004-03-31 146684] R3 catchme;catchme; 
\??\C:\ComboFix\catchme.sys [] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-12-17 804800] R3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver; C:\WINDOWS\system32\DRIVERS\FA31XND5.SYS [2002-05-15 16007] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288] R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-03 13824] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-20 33280] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-20 12928] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368] R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760] R3 PRISM_A00;CREATIX 802.11g Driver; C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888] R3 UKBFLT;UKBFLT; C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 
26368] R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [] S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [] S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-04 1066278] S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-03-31 52856] S3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591] S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR; C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 16074] S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2000-11-07 17490] S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2000-11-07 45965] S3 mbr;mbr; \??\C:\DOCUME~1\DELAPA~1\LOCALS~1\Temp\mbr.sys [] S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMDUSB.sys [2001-12-11 37087] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem; C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547] S3 Pcouffin;Low level access layer 
for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [] S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 X10UIF;%DESCRIPTION%; C:\WINDOWS\System32\Drivers\x10uif.sys [2001-11-14 10761] S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-07-08 103936] S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-07-08 103936] S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-07-08 103936] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 Apple Mobile 
Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-11-24 425984] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe [2004-03-31 135168] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168] R3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [] S2 qgehicwx;USB Serial Converter Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-05-19 68096] S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-22 61440] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 65536] S3 FirebirdServerDefaultInstance;Firebird Server - 
DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 1527893] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-14 1836544] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2002-03-13 65536] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- -
Infection Antivirus Pro2010
FURIOUS BOB replied to a topic by FURIOUS BOB in Malware Analysis and Removal
Hi oGu! Here are the antivir + combofix reports.

Avira AntiVir Personal
Date de création du fichier de rapport : mardi 10 novembre 2009 12:00

La recherche porte sur 1038808 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows :(Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur :MEDIO19MAI05

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 16:16:47
ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 17/11/2008 16:38:59
Version du moteur: 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41
AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 15:06:41
AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 15:06:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 15:06:41
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Disques durs locaux
Fichier de configuration.........: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, D:, E:, F:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : mardi 10 novembre 2009 12:00

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'chrome.exe' - '1' module(s) sont contrôlés
Processus de recherche 'chrome.exe' - '1' module(s) sont contrôlés
Processus de recherche 'chrome.exe' - '1' module(s) sont contrôlés
Processus de recherche 'guardgui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MpCmdRun.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avnotify.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnscfg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BrccMCtl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'btwdins.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'QTTask.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'pptd40nt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ipoint.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MSASCui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AGRSMMSG.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CNYHKey.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mHotkey.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Dit.exe' - '1' module(s) sont contrôlés
Processus de recherche 'atiptaxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MsMpEng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'47' processus ont été contrôlés avec '47' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[iNFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[iNFO] Aucun virus trouvé !
Secteur d'amorçage maître HD2
[iNFO] Aucun virus trouvé !
Secteur d'amorçage maître HD3
[iNFO] Aucun virus trouvé !
Secteur d'amorçage maître HD4
[iNFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.
Secteur d'amorçage maître HD5
[iNFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.
Secteur d'amorçage maître HD6
[iNFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[iNFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[iNFO] Aucun virus trouvé !
Secteur d'amorçage 'E:\'
[iNFO] Aucun virus trouvé !
Secteur d'amorçage 'F:\'
[iNFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '72' fichiers).

La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <BOOT>
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Documents and Settings\DELAPAMPA\Bureau\ComboFix.exe
[0] Type d'archive: RAR SFX (self extracting)
--> 32788R22FWJFW\n.pif
[RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted)
[AVERTISSEMENT] Fichier ignoré.
C:\Documents and Settings\DELAPAMPA\Mes documents\Downloads\ComboFix.exe
[0] Type d'archive: RAR SFX (self extracting)
--> 32788R22FWJFW\n.pif
[RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted)
[AVERTISSEMENT] Fichier ignoré.
C:\System Volume Information\_restore{490945C7-5CD8-4349-9148-F4444C2648AE}\RP831\A0052683.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[AVERTISSEMENT] Fichier ignoré.
C:\System Volume Information\_restore{490945C7-5CD8-4349-9148-F4444C2648AE}\RP831\A0052685.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[AVERTISSEMENT] Fichier ignoré.
C:\System Volume Information\_restore{490945C7-5CD8-4349-9148-F4444C2648AE}\RP831\A0052686.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[AVERTISSEMENT] Fichier ignoré.
C:\System Volume Information\_restore{490945C7-5CD8-4349-9148-F4444C2648AE}\RP831\A0052690.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Une copie de sécurité a été créée sous le nom 4b2960c9.qua ( QUARANTAINE )
[REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{490945C7-5CD8-4349-9148-F4444C2648AE}\RP834\A0052847.exe
[0] Type d'archive: RAR SFX (self extracting)
--> SmitfraudFix\Agent.OMZ.Fix.exe
[RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted)
[AVERTISSEMENT] Fichier ignoré.
C:\System Volume Information\_restore{490945C7-5CD8-4349-9148-F4444C2648AE}\RP839\A0053131.exe
[0] Type d'archive: RAR SFX (self extracting)
--> 32788R22FWJFW\n.pif
[RESULTAT] Le fichier contient un programme exécutable.
Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted) [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b2961b0.qua' ! C:\System Volume Information\_restore{490945C7-5CD8-4349-9148-F4444C2648AE}\RP839\A0053614.pif [RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted) [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b29628f.qua' ! Recherche débutant dans 'D:\' <BACKUP> D:\Tools\eTrust Antivirus\AlertPackage.exe [0] Type d'archive: RSRC --> Object [1] Type d'archive: CAB (Microsoft) --> alert.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Tools\eTrust Antivirus\webpkg.exe [0] Type d'archive: RSRC --> Object [1] Type d'archive: CAB (Microsoft) --> inoweb.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. 
Recherche débutant dans 'E:\' <RECOVER> Recherche débutant dans 'F:\' <DATA> Fin de la recherche : mardi 10 novembre 2009 14:37 Temps nécessaire: 2:37:21 Heure(s) La recherche a été effectuée intégralement 11957 Les répertoires ont été contrôlés 385423 Des fichiers ont été contrôlés 9 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 1 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 3 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 2 Impossible de contrôler des fichiers 385412 Fichiers non infectés 8607 Les archives ont été contrôlées 13 Avertissements 3 Consignes ComboFix 09-11-09.02 - DELAPAMPA 11/11/2009 11:02.10.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.462 [GMT 1:00] Lancé depuis: c:\documents and settings\DELAPAMPA\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\DELAPAMPA\Bureau\CFScript (2).txt AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: BullGuard 5.0 antivirus *On-access scanning disabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913} FW: BullGuard 5.0 firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1} FILE :: "c:\program files\google\googletoolbar1.dll" "c:\windows\tkrhoghe" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\program files\google\googletoolbar1.dll c:\program files\Google\GoogleToolbarNotifier c:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\gth.dll c:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\gtn.dll c:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\Readme.url c:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe c:\program files\PC Tools AntiVirus c:\program files\PC Tools AntiVirus\msvcr71.dll c:\program files\PC Tools AntiVirus\Updates\av9-015.vdb c:\program files\PC Tools AntiVirus\Updates\av9-016.vdb . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PCTAVSVC -------\Service_PCTAVSvc ((((((((((((((((((((((((((((( Fichiers créés du 2009-10-11 au 2009-11-11 )))))))))))))))))))))))))))))))))))) . 2009-11-09 18:57 . 2009-11-09 18:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-11-09 18:55 . 2008-10-30 09:21 75072 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-09 18:55 . 2008-05-09 11:15 45376 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-09 18:55 . 2008-01-21 16:11 22336 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-09 18:55 . 2009-11-09 18:55 -------- d-----w- c:\program files\Avira 2009-11-09 18:55 . 2009-11-09 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-10-26 19:02 . 2009-10-26 19:02 -------- d-----w- C:\rsit 2009-10-26 12:50 . 2009-10-26 12:50 -------- d-----w- c:\program files\Trend Micro 2009-10-16 15:51 . 2009-10-06 11:40 545280 ----a-w- c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe 2009-10-16 15:51 . 
2009-10-06 11:40 344064 ----a-w- c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe 2009-10-16 15:51 . 2009-10-06 11:40 153600 ----a-w- c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll 2009-10-16 15:51 . 2009-10-06 11:40 103424 ----a-w- c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\libs\pixomatic.dll 2009-10-16 15:51 . 2009-10-06 11:40 4716544 ----a-w- c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\components\cooliris.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-11 10:07 . 2005-10-17 17:07 -------- d-----w- c:\program files\Google 2009-11-11 09:59 . 2005-03-07 18:27 84702 ----a-w- c:\windows\system32\perfc00C.dat 2009-11-11 09:59 . 2005-03-07 18:27 510144 ----a-w- c:\windows\system32\perfh00C.dat 2009-11-11 09:54 . 2005-03-08 14:26 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS 2009-11-11 09:02 . 2006-03-05 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-09 18:51 . 2006-05-05 19:18 -------- d-----w- c:\documents and settings\DELAPAMPA\Application Data\Lavasoft 2009-11-04 11:33 . 2007-09-02 20:02 -------- d-----w- c:\documents and settings\DELAPAMPA\Application Data\uTorrent 2009-11-02 19:42 . 2009-10-03 12:47 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-30 07:14 . 2007-09-02 21:01 -------- d-----w- c:\program files\TF1Vision 2009-10-29 20:14 . 2006-03-05 16:33 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-26 12:51 . 2008-10-09 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-11 14:18 . 
2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 13:54 . 2008-10-09 17:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 13:53 . 2008-10-09 17:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 21:04 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:56 . 2004-08-05 12:00 916480 ------w- c:\windows\system32\wininet.dll 2009-08-26 08:01 . 2004-08-05 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-23 02:28 . 2005-05-19 18:04 99152 ----a-w- c:\documents and settings\DELAPAMPA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 13:09 . 2009-08-20 13:09 1193832 ----a-w- c:\windows\system32\FM20.DLL 2007-11-14 11:57 . 2007-11-14 11:57 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((( SnapShot@2009-10-29_19.56.50 ))))))))))))))))))))))))))))))))))))))))) . + 2005-03-07 18:27 . 2009-11-11 09:59 71320 c:\windows\system32\perfc009.dat - 2005-03-07 18:27 . 2009-10-26 19:03 71320 c:\windows\system32\perfc009.dat + 2008-01-24 11:46 . 2007-11-08 17:03 21248 c:\windows\system32\drivers\ssmdrv.sys + 2005-03-07 18:27 . 2009-11-11 09:59 440654 c:\windows\system32\perfh009.dat - 2005-03-07 18:27 . 2009-10-26 19:03 440654 c:\windows\system32\perfh009.dat + 2009-11-04 19:37 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll + 2009-11-04 19:37 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe + 2004-08-05 12:00 . 2009-10-22 09:17 5939712 c:\windows\system32\mshtml.dll + 2004-08-05 12:00 . 2009-10-22 09:17 5939712 c:\windows\system32\dllcache\mshtml.dll + 2009-11-04 19:37 . 2009-08-29 07:56 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 344064] "PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2004-11-09 81920] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-10-31 37232] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition 
Classic\avgnt.exe" [2008-06-12 266497] "Dit"="Dit.exe" - c:\windows\Dit.exe [2004-07-20 90112] "CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2004-02-24 508416] "ledpointer"="CNYHKey.exe" - c:\windows\CNYHKey.exe [2004-02-03 5794816] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-05 44544] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk.disabled [2005-5-19 1958] Assistant d'Acrobat.lnk.disabled [2005-5-19 1862] BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Pando Networks\\Pando\\pando.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57245:TCP"= 57245:TCP:Pando P2P TCP 
Listening Port "57245:UDP"= 57245:UDP:Pando P2P UDP Listening Port R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [07/03/2005 10:52 945152] R3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\FA31XND5.SYS [18/11/2005 21:17 16007] R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [08/03/2005 16:59 380736] R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [08/03/2005 15:30 11672] S2 qgehicwx;USB Serial Converter Helper;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 13:00 14336] S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [08/03/2005 15:26 17408] S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [16/02/2006 21:22 31547] --- Autres Services/Pilotes en mémoire --- *Deregistered* - mbr . Contenu du dossier 'Tâches planifiées' 2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-11-11 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20] . . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://home.neuf.fr/ uInternet Settings,ProxyServer = pop.free.fr uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFAlert.dll FF - component: c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\components\cooliris.dll FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava11.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava12.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJPI141_01.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - HiddenExtension: Microsoft 
.NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-ccleaner - c:\program files\CCleaner\CCleaner.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-11 11:09 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\windows\TEMP\TMP0000001F96B43AD95BD351D8 524288 bytes Scan terminé avec succès Fichiers cachés: 1 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000004 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000003 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Param1"="NPW" "Type"="wellknown" "Order"=dword:00000002 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows 
Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "Name"="Outlook" "DisplayName"="Microsoft Outlook" "Param1"="Outlook" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:00000020 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(572) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2768) c:\program files\CyberLink\Shared Files\CLRCEngine.dll c:\windows\HKCYDLL.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\eappprxy.dll c:\program files\WinRAR\rarext.dll c:\program files\Avira\AntiVir PersonalEdition Classic\shlext.dll c:\program files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll c:\program files\Conceptworld\Piky\Piky.dll c:\program files\Malwarebytes' Anti-Malware\mbamext.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\MSI\Bluetooth Software\bin\btwdins.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfcmon.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . 
Heure de fin: 2009-11-11 11:14 - La machine a redémarré ComboFix-quarantined-files.txt 2009-11-11 10:14 ComboFix2.txt 2009-11-04 18:12 ComboFix3.txt 2009-11-04 11:55 ComboFix4.txt 2009-10-29 20:01 ComboFix5.txt 2009-11-11 10:01 Avant-CF: 31 858 028 544 octets libres Après-CF: 31 814 070 272 octets libres - - End Of File - - 24630A4BAE0D28C8B3630D6706164A59 -
Infection Antivirus Pro2010
FURIOUS BOB replied to a topic by FURIOUS BOB in Analyses et éradication malwares
Hi. Sorry, I got mixed up with all these reports!! Here is the Rsit one.

OK, indeed, so thanks again, dear friend. What's more, this isn't your job; you are truly an enthusiast, and purely selfless acts are a rare thing!!! How can I thank you? Is there a ranking or rating of helpers where I can boost your score? :P

ANTIVIR found trojans that it apparently isn't able to handle, in particular these: HIDDENEXT/crypted, TR/trash.Gen. The report:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72ED067B-303D-48A2-8211-AFD8D98BE44A}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-11-14 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAE07211-9B79-4392-B6D6-59C7800ECD9F}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-11-14 2436160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-11-24 344064] "Dit"=C:\WINDOWS\Dit.exe [2004-07-20 90112] "CHotkey"=C:\WINDOWS\mHotkey.exe [2004-02-24 
508416] "ledpointer"=C:\WINDOWS\CNYHKey.exe [2004-02-03 5794816] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209] "PCMService"=C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [2004-11-09 81920] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584] "SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592] "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 849280] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248] "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632] "PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528] "BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-12 663552] "ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536] "ASUS Camera ScreenSaver"=C:\WINDOWS\ASScrProlog.exe [2008-10-31 37232] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ccleaner"=C:\Program Files\CCleaner\CCleaner.exe /AUTO [] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage 
Adobe Gamma Loader.lnk.disabled - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe Assistant d'Acrobat.lnk.disabled - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe BTTray.lnk - C:\Program Files\MSI\Bluetooth Software\BTTray.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2004-11-24 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tkrhoghe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 
"shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "legalnoticecaption"= "legalnoticetext"= [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] 
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======File associations====== .scr - open - C:\WINDOWS\NOTEPAD.EXE "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2009-11-09 19:55:28 ----D---- C:\Program Files\Avira 2009-11-09 19:55:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-11-04 19:12:11 ----D---- C:\WINDOWS\temp 2009-11-04 19:12:09 ----A---- C:\ComboFix.txt 2009-11-04 19:00:05 ----D---- C:\ComboFix 2009-10-29 20:49:09 ----A---- C:\Boot.bak 2009-10-29 20:49:01 ----RASHD---- C:\cmdcons 2009-10-29 20:47:36 ----A---- C:\WINDOWS\zip.exe 2009-10-29 20:47:36 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-10-29 20:47:36 ----A---- C:\WINDOWS\SWSC.exe 2009-10-29 20:47:36 ----A---- C:\WINDOWS\SWREG.exe 2009-10-29 20:47:36 ----A---- C:\WINDOWS\sed.exe 2009-10-29 20:47:36 ----A---- C:\WINDOWS\PEV.exe 2009-10-29 20:47:36 ----A---- C:\WINDOWS\NIRCMD.exe 2009-10-29 20:47:36 ----A---- C:\WINDOWS\MBR.exe 2009-10-29 20:47:36 ----A---- C:\WINDOWS\grep.exe 2009-10-26 20:02:12 ----D---- C:\rsit 2009-10-26 13:50:03 ----D---- C:\Program Files\Trend Micro ======List of files/folders modified in the last 1 months====== 2009-11-09 20:07:36 ----D---- C:\WINDOWS\Prefetch 2009-11-09 19:55:29 ----D---- C:\WINDOWS\system32\drivers 2009-11-09 19:55:28 ----RAD---- C:\Program Files 2009-11-09 19:51:50 ----D---- C:\Documents and Settings\DELAPAMPA\Application Data\Lavasoft 2009-11-09 19:51:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 
2009-11-09 19:35:11 ----D---- C:\WINDOWS\system32 2009-11-09 19:35:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-11-09 19:34:04 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-09 19:34:02 ----SD---- C:\WINDOWS\Tasks 2009-11-09 19:31:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-09 19:31:21 ----D---- C:\WINDOWS 2009-11-09 19:31:03 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt 2009-11-06 19:24:03 ----N---- C:\WINDOWS\SchedLgU.Txt 2009-11-06 19:19:57 ----D---- C:\Program Files\Mozilla Firefox 2009-11-04 20:37:57 ----HD---- C:\WINDOWS\inf 2009-11-04 20:37:54 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-11-04 20:37:36 ----HD---- C:\WINDOWS\$hf_mig$ 2009-11-04 19:11:36 ----D---- C:\QooBox 2009-11-04 19:07:54 ----A---- C:\WINDOWS\system.ini 2009-11-04 19:06:13 ----D---- C:\WINDOWS\system32\config 2009-11-04 19:05:59 ----D---- C:\WINDOWS\erdnt 2009-11-04 19:03:52 ----D---- C:\WINDOWS\AppPatch 2009-11-04 19:03:49 ----D---- C:\Program Files\Fichiers communs 2009-11-04 12:41:53 ----A---- C:\WINDOWS\NeroDigital.ini 2009-11-04 12:33:26 ----D---- C:\Documents and Settings\DELAPAMPA\Application Data\uTorrent 2009-11-02 20:42:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe 2009-11-02 19:50:58 ----SHD---- C:\RECYCLER 2009-10-31 14:05:22 ----D---- C:\WINDOWS\system32\wbem 2009-10-30 08:14:13 ----D---- C:\Program Files\TF1Vision 2009-10-29 21:14:27 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-10-29 20:53:46 ----RSD---- C:\WINDOWS\Fonts 2009-10-29 20:49:09 ----RASH---- C:\boot.ini 2009-10-26 13:51:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-10-22 10:17:28 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-10-20 01:45:42 ----SHD---- C:\WINDOWS\Installer 2009-10-20 01:45:42 ----D---- C:\Config.Msi 2009-10-15 11:35:35 ----D---- C:\WINDOWS\Microsoft.NET 2009-10-15 11:35:33 ----RSD---- C:\WINDOWS\assembly 2009-10-15 11:27:20 ----D---- C:\WINDOWS\Debug 2009-10-14 21:30:50 ----D---- 
C:\WINDOWS\WinSxS 2009-10-14 21:28:11 ----D---- C:\Program Files\Internet Explorer 2009-10-14 21:22:44 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032] R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 945152] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-11-24 872960] R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-03 105984] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-03-31 16640] R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-03-31 30235] R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2004-03-31 146684] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-12-17 804800] R3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver; C:\WINDOWS\system32\DRIVERS\FA31XND5.SYS [2002-05-15 16007] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 
10368] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288] R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-03 13824] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-20 33280] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-20 12928] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368] R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760] R3 PRISM_A00;CREATIX 802.11g Driver; C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888] R3 UKBFLT;UKBFLT; C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [] S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [] S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-04 1066278] S3 BrScnUsb;Brother USB Still Image driver; 
C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-03-31 52856] S3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591] S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR; C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 16074] S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2000-11-07 17490] S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2000-11-07 45965] S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMDUSB.sys [2001-12-11 37087] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem; C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547] S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [] S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800] S3 USBAAPL;Apple 
Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 X10UIF;%DESCRIPTION%; C:\WINDOWS\System32\Drivers\x10uif.sys [2001-11-14 10761] S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-07-08 103936] S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-07-08 103936] S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-07-08 103936] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-11-24 425984] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe [2004-03-31 135168] 
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [] S2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [] S2 qgehicwx;USB Serial Converter Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-05-19 68096] S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-22 61440] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 65536] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 1527893] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-14 1836544] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers 
communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2002-03-13 65536] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- -
Infection Antivirus Pro2010
FURIOUS BOB replied to a topic by FURIOUS BOB in Malware analysis and eradication
Hi Ogu,

A thousand thanks for your expertise! And if you are willing to keep guiding me through securing the machine, I gladly accept; the report is here.

Just out of curiosity: apart from philanthropy, what do you get out of helping guys who struggle with their PCs, and how are you connected to Zebulon?

ComboFix 09-11-03.03 - DELAPAMPA 04/11/2009 12:45.8.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.611 [GMT 1:00]
Lancé depuis: c:\documents and settings\DELAPAMPA\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\DELAPAMPA\Bureau\CFScript.txt
AV: BullGuard 5.0 antivirus *On-access scanning disabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard 5.0 firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
2006-03-05 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-02 18:54 . 2005-03-07 18:27 84702 ----a-w- c:\windows\system32\perfc00C.dat 2009-11-02 18:54 . 2005-03-07 18:27 510144 ----a-w- c:\windows\system32\perfh00C.dat 2009-11-02 18:50 . 2005-03-08 14:26 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS 2009-10-30 07:14 . 2007-09-02 21:01 -------- d-----w- c:\program files\TF1Vision 2009-10-29 20:14 . 2006-03-05 16:33 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-26 12:51 . 2008-10-09 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-01 08:29 . 2009-10-03 12:47 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-09-11 14:28 . 2008-10-29 21:13 -------- d-----w- c:\documents and settings\DELAPAMPA\Application Data\dvdcss 2009-09-11 14:18 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 13:54 . 2008-10-09 17:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 13:53 . 2008-10-09 17:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 21:04 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:56 . 2004-08-05 12:00 916480 ------w- c:\windows\system32\wininet.dll 2009-08-26 08:01 . 2004-08-05 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-23 02:28 . 2005-05-19 18:04 99152 ----a-w- c:\documents and settings\DELAPAMPA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 13:09 . 2009-08-20 13:09 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-06 17:24 . 2005-03-07 10:37 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 17:24 . 2005-03-07 10:37 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 17:24 . 2005-05-26 02:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 17:24 . 2005-03-08 16:23 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 17:24 . 
2005-03-07 10:37 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-06 17:24 . 2004-08-05 12:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 17:23 . 2005-03-08 16:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 17:23 . 2008-04-08 13:26 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-06 17:23 . 2007-07-30 17:18 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-06 17:23 . 2005-03-07 10:37 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2007-11-14 11:57 . 2007-11-14 11:57 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((( SnapShot@2009-10-29_19.56.50 ))))))))))))))))))))))))))))))))))))))))) . + 2005-03-07 18:27 . 2009-11-02 18:54 71320 c:\windows\system32\perfc009.dat - 2005-03-07 18:27 . 2009-10-26 19:03 71320 c:\windows\system32\perfc009.dat + 2005-03-07 18:27 . 2009-11-02 18:54 440654 c:\windows\system32\perfh009.dat - 2005-03-07 18:27 . 2009-10-26 19:03 440654 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-09-29 1279216] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 344064] "PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2004-11-09 81920] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-10-31 37232] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" 
[2009-09-10 1312080] "Dit"="Dit.exe" - c:\windows\Dit.exe [2004-07-20 90112] "CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2004-02-24 508416] "ledpointer"="CNYHKey.exe" - c:\windows\CNYHKey.exe [2004-02-03 5794816] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-05 44544] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk.disabled [2005-5-19 1958] Assistant d'Acrobat.lnk.disabled [2005-5-19 1862] BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tkrhoghe] [bU] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows 
Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Pando Networks\\Pando\\pando.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57245:TCP"= 57245:TCP:Pando P2P TCP Listening Port "57245:UDP"= 57245:UDP:Pando P2P UDP Listening Port R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [07/03/2005 10:52 945152] R3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\FA31XND5.SYS [18/11/2005 21:17 16007] R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [08/03/2005 16:59 380736] R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [08/03/2005 15:30 11672] S2 qgehicwx;USB Serial Converter Helper;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 13:00 14336] S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [08/03/2005 15:26 17408] S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [16/02/2006 21:22 31547] --- Autres Services/Pilotes en mémoire --- *Deregistered* - mbr . 
Contenu du dossier 'Tâches planifiées' 2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-11-04 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://home.neuf.fr/ uInternet Settings,ProxyServer = pop.free.fr uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFAlert.dll FF - component: c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\components\cooliris.dll FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava11.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava12.dll FF - plugin: c:\program files\Mozilla 
Firefox\plugins\NPJava13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJPI141_01.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHELINS SUPPRIMES - - - - BHO-{72ED067B-303D-48A2-8211-AFD8D98BE44A} - (no file) BHO-{CAE07211-9B79-4392-B6D6-59C7800ECD9F} - (no file) HKCU-Run-Google Update - c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-04 12:51 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000004 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000003 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Param1"="NPW" "Type"="wellknown" "Order"=dword:00000002 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "Name"="Outlook" "DisplayName"="Microsoft Outlook" "Param1"="Outlook" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:00000020 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(572) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3588) c:\program files\CyberLink\Shared Files\CLRCEngine.dll c:\windows\HKCYDLL.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\eappprxy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\MSI\Bluetooth Software\bin\btwdins.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfcmon.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-11-04 12:55 - La machine a redémarré ComboFix-quarantined-files.txt 2009-11-04 11:55 ComboFix2.txt 2009-10-29 20:01 ComboFix3.txt 2008-02-01 12:37 ComboFix4.txt 2008-02-01 12:29 ComboFix5.txt 2009-11-04 11:44 Avant-CF: 32 295 972 864 octets libres Après-CF: 32 140 292 096 octets libres -
Infection Antivirus Pro2010
FURIOUS BOB replied to a topic by FURIOUS BOB in Malware analysis and removal
Here it is!!
files\Grisoft\\AVG Anti-Spyware 7.5\Translations\german.mo c:\program files\Grisoft\\AVG Anti-Spyware 7.5\Translations\italian.mo c:\program files\Grisoft\\AVG Anti-Spyware 7.5\Translations\portuguese.mo c:\program files\Grisoft\\AVG Anti-Spyware 7.5\Translations\slovak.mo c:\program files\Grisoft\\AVG Anti-Spyware 7.5\Translations\spanish.mo c:\program files\Grisoft\\AVG Anti-Spyware 7.5\Uninstall.exe c:\program files\Grisoft\\AVG Anti-Spyware 7.5\updater.ewidolog . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_AVGASCLN -------\Legacy_AVG_ANTI-SPYWARE_DRIVER -------\Legacy_AVG_ANTI-SPYWARE_GUARD -------\Service_AVG Anti-Spyware Driver -------\Service_AVG Anti-Spyware Guard -------\Service_AvgAsCln ((((((((((((((((((((((((((((( Fichiers créés du 2009-10-04 au 2009-11-04 )))))))))))))))))))))))))))))))))))) . 2009-10-26 19:02 . 2009-10-26 19:02 -------- d-----w- C:\rsit 2009-10-26 12:50 . 2009-10-26 12:50 -------- d-----w- c:\program files\Trend Micro . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-04 18:07 . 2005-03-08 14:26 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS 2009-11-04 11:55 . 2005-03-07 18:27 84702 ----a-w- c:\windows\system32\perfc00C.dat 2009-11-04 11:55 . 2005-03-07 18:27 510144 ----a-w- c:\windows\system32\perfh00C.dat 2009-11-04 11:33 . 2007-09-02 20:02 -------- d-----w- c:\documents and settings\DELAPAMPA\Application Data\uTorrent 2009-11-02 19:01 . 2006-03-05 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-30 07:14 . 2007-09-02 21:01 -------- d-----w- c:\program files\TF1Vision 2009-10-29 20:14 . 2006-03-05 16:33 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-26 12:51 . 2008-10-09 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-01 08:29 . 
2009-10-03 12:47 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-09-11 14:28 . 2008-10-29 21:13 -------- d-----w- c:\documents and settings\DELAPAMPA\Application Data\dvdcss 2009-09-11 14:18 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 13:54 . 2008-10-09 17:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 13:53 . 2008-10-09 17:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 21:04 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:56 . 2004-08-05 12:00 916480 ------w- c:\windows\system32\wininet.dll 2009-08-26 08:01 . 2004-08-05 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-23 02:28 . 2005-05-19 18:04 99152 ----a-w- c:\documents and settings\DELAPAMPA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 13:09 . 2009-08-20 13:09 1193832 ----a-w- c:\windows\system32\FM20.DLL 2007-11-14 11:57 . 2007-11-14 11:57 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((( SnapShot@2009-10-29_19.56.50 ))))))))))))))))))))))))))))))))))))))))) . + 2005-03-07 18:27 . 2009-11-04 11:55 71320 c:\windows\system32\perfc009.dat - 2005-03-07 18:27 . 2009-10-26 19:03 71320 c:\windows\system32\perfc009.dat + 2005-03-07 18:27 . 2009-11-04 11:55 440654 c:\windows\system32\perfh009.dat - 2005-03-07 18:27 . 2009-10-26 19:03 440654 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-09-29 1279216] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 344064] "PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2004-11-09 81920] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-10-31 37232] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" 
[2009-09-10 1312080] "Dit"="Dit.exe" - c:\windows\Dit.exe [2004-07-20 90112] "CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2004-02-24 508416] "ledpointer"="CNYHKey.exe" - c:\windows\CNYHKey.exe [2004-02-03 5794816] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-05 44544] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk.disabled [2005-5-19 1958] Assistant d'Acrobat.lnk.disabled [2005-5-19 1862] BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Pando Networks\\Pando\\pando.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57245:TCP"= 57245:TCP:Pando P2P TCP Listening Port "57245:UDP"= 57245:UDP:Pando P2P UDP Listening Port R2 WinDefend;Windows Defender;c:\program 
files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [07/03/2005 10:52 945152] R3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\FA31XND5.SYS [18/11/2005 21:17 16007] R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [08/03/2005 16:59 380736] R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [08/03/2005 15:30 11672] S2 qgehicwx;USB Serial Converter Helper;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 13:00 14336] S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [08/03/2005 15:26 17408] S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [16/02/2006 21:22 31547] --- Autres Services/Pilotes en mémoire --- *Deregistered* - mbr . Contenu du dossier 'Tâches planifiées' 2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-11-04 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20] . . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://home.neuf.fr/ uInternet Settings,ProxyServer = pop.free.fr uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFAlert.dll FF - component: c:\documents and settings\DELAPAMPA\Application Data\Mozilla\Firefox\Profiles\g0h14aus.default\extensions\piclens@cooliris.com\components\cooliris.dll FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-04 19:08 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000004 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000003 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Param1"="NPW" "Type"="wellknown" "Order"=dword:00000002 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-4031931224-3083130229-1089167384-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "Name"="Outlook" "DisplayName"="Microsoft Outlook" "Param1"="Outlook" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:00000020 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(576) c:\windows\system32\Ati2evxx.dll c:\windows\system32\adsldpc.dll - - - - - - - > 'explorer.exe'(3096) c:\program files\CyberLink\Shared Files\CLRCEngine.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\MSI\Bluetooth Software\bin\btwdins.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfcmon.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE . ************************************************************************** . Heure de fin: 2009-11-04 19:12 - La machine a redémarré ComboFix-quarantined-files.txt 2009-11-04 18:12 ComboFix2.txt 2009-11-04 11:55 ComboFix3.txt 2009-10-29 20:01 ComboFix4.txt 2008-02-01 12:37 ComboFix5.txt 2009-11-04 18:00 Avant-CF: 32 141 766 656 octets libres Après-CF: 32 114 319 360 octets libres -
Infection Antivirus Pro2010
FURIOUS BOB replied to a topic by FURIOUS BOB in Malware analysis and removal
Hi! Everything went as described in your post. As for AVG, I actually don't use it any more but can't manage to remove it, and in any case I intend to renew all the security software on my PC; I think I saw a detailed section on that subject on the forum. I'll change everything as soon as you write: "It would have been safer not to do peer-to-peer, but I managed to eradicate all the infections on your PC". Here are the logs: ComboFix 09-11-03.03 - DELAPAMPA 04/11/2009 12:45.8.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.611 [GMT 1:00] Lancé depuis: c:\documents and settings\DELAPAMPA\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\DELAPAMPA\Bureau\CFScript.txt AV: BullGuard 5.0 antivirus *On-access scanning disabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913} FW: BullGuard 5.0 firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1} FILE :: "c:\windows\system32\59E0682C5F.sys" "c:\windows\Tasks\Google Software Updater.job" "c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031931224-3083130229-1089167384-1006Core.job" "c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031931224-3083130229-1089167384-1006UA.job" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\All Users\Application Data\Google Updater c:\documents and settings\All Users\Application Data\Google Updater\history\history c:\documents and settings\All Users\Application Data\Google Updater\icons\images_acrobat.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_ar.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_avast.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_chrome.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_desktop.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_earth.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_ff.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_gapps.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_gpy.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_ksd.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_maxthon.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_ns.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_picasa.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_real.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_sd.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_skype.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_talk.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_toolbar.gif c:\documents and settings\All Users\Application Data\Google Updater\icons\images_wps.gif c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update c:\documents and settings\DELAPAMPA\Local 
Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleUpdate.exe c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleUpdateHelper.msi c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdate.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\GoopdateBho.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_ar.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_bg.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_bn.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_ca.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_cs.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_da.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_de.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_el.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_en-GB.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_en.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_es-419.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_es.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_et.dll c:\documents and 
settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_fa.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_fi.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_fil.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_fr.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_gu.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_hi.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_hr.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_hu.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_id.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_is.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_it.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_iw.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_ja.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_kn.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_ko.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_lt.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_lv.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_ml.dll 
c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_mr.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_ms.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_nl.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_no.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_or.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_pl.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_pt-BR.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_pt-PT.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_ro.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_ru.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_sk.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_sl.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_sr.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_sv.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_ta.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_te.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_th.dll c:\documents and settings\DELAPAMPA\Local Settings\Application 
Data\Google\Update\1.2.183.13\goopdateres_tr.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_uk.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_ur.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_vi.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_zh-CN.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\goopdateres_zh-TW.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll c:\documents and settings\DELAPAMPA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe c:\program files\Google\Common\Google Updater c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\PCPitstop c:\program files\PCPitstop\Optimize\optimize_log.txt c:\windows\system32\59E0682C5F.sys c:\windows\Tasks\Google Software Updater.job c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031931224-3083130229-1089167384-1006Core.job c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031931224-3083130229-1089167384-1006UA.job . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Acc9srskwerg ((((((((((((((((((((((((((((( Fichiers créés du 2009-10-04 au 2009-11-04 )))))))))))))))))))))))))))))))))))) . 2009-10-26 19:02 . 2009-10-26 19:02 -------- d-----w- C:\rsit 2009-10-26 12:50 . 2009-10-26 12:50 -------- d-----w- c:\program files\Trend Micro . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-04 11:33 . 2007-09-02 20:02 -------- d-----w- c:\documents and settings\DELAPAMPA\Application Data\uTorrent 2009-11-02 19:01 . 
Thanks for your help.
-
Infection Antivirus Pro2010
FURIOUS BOB replied to a topic by FURIOUS BOB in Malware Analysis and Removal
Hi oGu, thanks for the links. It's interesting, but I confirm that it doesn't let me do any freestyle intervention, and that's probably better for my PC. Have you had time to take a look at the Spybot report and tell me what steps to follow, please? See you soon