Aller au contenu

sacha99

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    22

  • Inscription

  • Dernière visite

sacha99's Achievements

Member

Member (4/12)

0

Réputation sur la communauté

  1. sacha99
    Je viens de tester, ca m'a l'air nickel ! Un grand merci
  2. sacha99
    Voila : Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Version de la base de données: 6182 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.19019 27/03/2011 13:38:35 mbam-log-2011-03-27 (13-38-35).txt Type d'examen: Examen complet (C:\|D:\|) Elément(s) analysé(s): 429011 Temps écoulé: 1 heure(s), 13 minute(s), 8 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  3. sacha99
    Voila le rapport, MBAM est en train de tourner pour l'instant ... Rapport de ZHPFix 1.12.3264 par Nicolas Coolman, Update du 25/03/2011 Fichier d'export Registre : Run by dieryck at 27/03/2011 12:23:30 Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002) Web site : ZHPFix Fix de rapport Contact : nicolascoolman@yahoo.fr ========== Fichier(s) ========== c:\users\dieryck\desktop\autopano pro.lnk => Supprimé et mis en quarantaine c:\program files\kolor\autopano pro\autopano_win32.exe => Supprimé et mis en quarantaine c:\users\dieryck\appdata\roaming\microsoft\internet explorer\quick launch\autopano pro.lnk => Supprimé et mis en quarantaine c:\users\dieryck\appdata\roaming\microsoft\internet explorer\quick launch\lightroom 3.3.lnk => Supprimé et mis en quarantaine c:\program files\adobe\adobe photoshop lightroom 3.3\lightroom.exe => Supprimé et mis en quarantaine ========== Récapitulatif ========== 5 : Fichier(s) End of the scan
  4. sacha99
    Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Version de la base de données: 6182 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.19019 27/03/2011 12:41:44 mbam-log-2011-03-27 (12-41-44).txt Type d'examen: Examen rapide Elément(s) analysé(s): 166513 Temps écoulé: 4 minute(s), 4 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\attrdkey (Spyware.Agent) -> Value: attrdkey -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\Users\dieryck\AppData\Local\temp\cmdk RKill This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 27/03/2011 at 12:45:37. Operating System: Windows Vista Home Premium Processes terminated by Rkill or while it was running: C:\Windows\system32\conime.exe C:\Windows\system32\conime.exe C:\Windows\system32\conime.exe Rkill completed on 27/03/2011 at 12:45:39.
  5. sacha99
    Merci pour ton aide Voici le lien : Cijoint.fr - Service gratuit de dépôt de fichiers
  6. sacha99
    Je poste déja les rapports MBAM pendant que j'installe l'autre logiciel. Il yen a 2 parce que j'vais fait un examen rapide et n'ayant rien détecté j'en ai passé un complet ensuite. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4465 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.19019 25/03/2011 16:27:37 mbam-log-2011-03-25 (16-27-37).txt Type d'examen: Examen rapide Elément(s) analysé(s): 142008 Temps écoulé: 11 minute(s), 37 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4465 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.19019 25/03/2011 21:34:13 mbam-log-2011-03-25 (21-34-13).txt Type d'examen: Examen complet (C:\|D:\|) Elément(s) analysé(s): 404254 Temps écoulé: 2 heure(s), 39 minute(s), 1 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Qoobox\Quarantine\C\Users\dieryck
  7. sacha99
    Rebonjour, j'avais en effet complètement oublié. Mais je viens de tenter la restauration en mode sans échec et il ne trouve aucun point. Alors que je suis sure qu'elle était active. Je suppose que c'est le virus qui s'en est occupé --' Que puis je tenter maintenant ? En sachant que j'ai déja passé malwarebytes antimalware ?
  8. sacha99
    Bonjour à tous, par manque de prudence j'ai téléchargé security tool. J'ai tenté de suivre ce tutoriel : http://forum.zebulon.fr/security-tool-comment-le-supprimer-t180074.html Mais je bloque au point 2. En effet, je ne trouve pas l'exécutable dans le dossier local. Pour ce qui est des points suivants, j'avais déja passé antivir et malwarebytes en mode sans échec mais ils n'ont rien trouvé. Merci d'avance pour vos conseils, cordialement, Sacha
  9. sacha99
    Aucune amélioration, je dois encore forcer l'extinction de l'ordi, pour le démarrage ca a marché ce coup-ci mais je ne sais pas si ca le fait a chaque fois. ComboFix 10-08-24.0A - dieryck 25/08/2010 14:58:02.2.2 - x86 Lancé depuis: c:\users\dieryck\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . Une copie infectée de c:\windows\system32\wininit.exe a été trouvée et désinfectée Copie restaurée à partir de - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!wininit.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2010-07-25 au 2010-08-25 )))))))))))))))))))))))))))))))))))) . 2010-08-25 13:03 . 2010-08-25 13:03 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-08-25 13:03 . 2010-08-25 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-24 21:32 . 2010-08-24 21:36 -------- d-----w- c:\program files\SEAF 2010-08-24 18:58 . 2010-08-24 18:58 -------- d-----w- c:\program files\Kolor 2010-08-24 16:22 . 2010-08-25 13:14 -------- d-----w- c:\users\dieryck\AppData\Local\temp 2010-08-23 14:43 . 2010-08-24 11:01 -------- d-----w- c:\program files\trend micro 2010-08-23 14:43 . 2010-08-23 14:43 -------- d-----w- C:\rsit 2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\users\dieryck\AppData\Roaming\Malwarebytes 2010-08-23 09:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\programdata\Malwarebytes 2010-08-23 09:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-20 19:32 . 2010-06-04 21:39 -------- d-----w- c:\users\dieryck\Tome 33 2010-08-11 15:26 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-11 15:26 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-11 15:26 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-11 15:26 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-11 15:26 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-11 15:26 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-05 19:27 . 2010-08-25 13:14 -------- d-----w- c:\users\dieryck\AppData\Roaming\Skype 2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\program files\Common Files\Skype 2010-08-05 19:26 . 2010-08-05 19:27 -------- d-----r- c:\program files\Skype 2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\programdata\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-25 12:59 . 2009-03-31 19:49 -------- d-----w- c:\programdata\Google Updater 2010-08-24 20:04 . 2009-08-25 09:59 -------- d-----w- c:\users\dieryck\AppData\Roaming\uTorrent 2010-08-24 16:37 . 2008-01-21 08:40 678804 ----a-w- c:\windows\system32\perfh00C.dat 2010-08-24 16:37 . 2008-01-21 08:40 126420 ----a-w- c:\windows\system32\perfc00C.dat 2010-08-12 09:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-04 15:12 . 2009-03-28 16:42 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-04 15:12 . 2010-03-28 12:18 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-08-03 18:12 . 2009-01-05 15:20 -------- d-----w- c:\program files\Electronic Arts 2010-08-03 18:12 . 2008-12-30 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-03 18:10 . 2010-05-14 15:28 -------- d-----w- c:\program files\Pcsx2 2010-08-03 18:05 . 2009-01-03 16:51 -------- d-----w- c:\programdata\Media Center Programs 2010-06-28 20:00 . 2010-06-28 20:00 -------- d-----w- c:\programdata\2DBoy 2010-06-28 19:57 . 2010-06-28 19:57 -------- d-----w- c:\program files\WorldOfGoo 2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\users\dieryck\AppData\Roaming\Ubisoft 2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\programdata\Ubisoft 2010-06-28 19:31 . 2009-01-01 12:42 -------- d-----w- c:\program files\Ubisoft 2010-06-26 18:40 . 2010-06-26 18:40 -------- d-----w- c:\program files\Microsoft.NET 2010-06-26 06:05 . 2010-08-11 15:27 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-11 15:27 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-11 15:27 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-11 15:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-11 15:27 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-18 17:31 . 2010-08-11 15:27 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-06-15 19:12 . 2009-09-22 15:56 1 ----a-w- c:\users\dieryck\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-06-13 15:52 . 2008-12-30 17:12 70728 ----a-w- c:\users\dieryck\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-13 12:16 . 2009-03-01 17:11 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-06-11 16:16 . 2010-08-11 15:27 274944 ----a-w- c:\windows\system32\schannel.dll 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-05-27 20:08 . 2010-08-11 15:27 81920 ----a-w- c:\windows\system32\iccvid.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "Sys32V2Contoller"="c:\windows\mw2mmgr32\mw2mmgr32.exe" [2010-05-21 221696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] path=c:\users\dieryck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe] 2008-07-11 16:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):d3,2b,ea,32,0e,ec,c9,01 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 133104] R3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-17 691696] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] S3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2005-03-15 161792] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-05-08 269824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' 2010-08-25 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 19:49] 2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50] 2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50] 2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job - c:\windows\system32\msfeedssync.exe [2010-08-11 04:24] . . ------- Examen supplémentaire ------- . uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:6522 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab FF - ProfilePath - c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\ FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-25 15:13 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:59,ec,77,a3,8e,6b,ae,21,bd,c8,4c,e1,0c,0c,75,e3,a1,e0,dd,60,14,d2,bd, 6f,49,d6,53,88,73,c1,b2,0a,14,9d,fc,7c,70,2e,cc,47,d9,e8,cc,54,ac,2f,6e,55,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\License information*] "datasecu"=hex:f1,82,c5,2f,1a,7b,3f,08,b3,8d,65,1e,fd,3c,2e,01,84,bb,27,20,a2, eb,d1,45,37,a2,40,bc,8b,72,89,48,4e,b1,a5,ba,2c,18,4b,38,b7,03,2d,96,2d,4c,\ "rkeysecu"=hex:60,72,c7,18,69,1d,ba,a6,c9,1a,ad,56,62,96,a5,65 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(2492) c:\program files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\AUDIODG.EXE c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conime.exe c:\program files\Secunia\PSI\psi.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Heure de fin: 2010-08-25 15:21:45 - La machine a redémarré ComboFix-quarantined-files.txt 2010-08-25 13:21 ComboFix2.txt 2010-08-24 16:22 ComboFix3.txt 2010-08-24 12:07 Avant-CF: 31.019.708.416 octets libres Après-CF: 30.884.646.912 octets libres - - End Of File - - B04D7E6053F119AEE8762E76FEB60DBB et le rapport rsit : Logfile of random's system information tool 1.08 (written by random/random) Run by dieryck at 2010-08-25 15:24:14 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 29 GB (6%) free of 477 GB Total RAM: 2046 MB (50% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:24:17, on 25/08/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\conime.exe C:\Windows\system32\taskeng.exe C:\Program Files\Secunia\PSI\psi.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\dieryck\Desktop\RSIT.exe C:\Program Files\trend micro\dieryck.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sys32V2Contoller] C:\Windows\mw2mmgr32\mw2mmgr32.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service Google Update (gupdate1c9b239ebb99295) (gupdate1c9b239ebb99295) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 22121 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-31 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-13 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120] "Sys32V2Contoller"=C:\Windows\mw2mmgr32\mw2mmgr32.exe [2010-05-21 221696] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [2008-07-11 423200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk] C:\PROGRA~1\APACHE~1\Apache2.2\bin\APACHE~1.EXE [2009-08-06 41051] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-12-15 384000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2010-08-25 15:21:48 ----D---- C:\Windows\temp 2010-08-25 15:21:46 ----A---- C:\ComboFix.txt 2010-08-25 15:13:33 ----D---- C:\$RECYCLE.BIN 2010-08-25 14:53:13 ----A---- C:\Windows\SWXCACLS.exe 2010-08-25 13:20:41 ----A---- C:\avenger.txt 2010-08-24 23:36:50 ----A---- C:\SEAFlog.txt 2010-08-24 23:32:54 ----A---- C:\TmpSeaf.txt 2010-08-24 23:32:36 ----D---- C:\Program Files\SEAF 2010-08-24 22:09:59 ----D---- C:\Avenger 2010-08-24 20:58:12 ----D---- C:\Program Files\Kolor 2010-08-24 18:03:24 ----A---- C:\Windows\PEV.exe 2010-08-24 17:50:58 ----A---- C:\TDSSKiller.2.4.1.2_24.08.2010_17.50.58_log.txt 2010-08-24 13:54:20 ----ASH---- C:\hiberfil.sys 2010-08-24 00:00:54 ----A---- C:\Windows\NIRCMD.exe 2010-08-23 22:35:16 ----A---- C:\Windows\zip.exe 2010-08-23 22:35:16 ----A---- C:\Windows\SWSC.exe 2010-08-23 22:35:16 ----A---- C:\Windows\SWREG.exe 2010-08-23 22:35:16 ----A---- C:\Windows\sed.exe 2010-08-23 22:35:16 ----A---- C:\Windows\MBR.exe 2010-08-23 22:35:16 ----A---- C:\Windows\grep.exe 2010-08-23 22:35:10 ----D---- C:\Windows\ERDNT 2010-08-23 22:33:52 ----D---- C:\Qoobox 2010-08-23 16:43:47 ----D---- C:\Program Files\trend micro 2010-08-23 16:43:46 ----D---- C:\rsit 2010-08-23 11:08:18 ----D---- C:\Users\dieryck\AppData\Roaming\Malwarebytes 2010-08-23 11:08:12 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-08-23 11:08:11 ----D---- C:\ProgramData\Malwarebytes 2010-08-23 11:08:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-08-23 11:08:11 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-08-22 23:46:35 ----D---- C:\Windows\Minidump 2010-08-22 23:46:29 ----A---- C:\Windows\ntbtlog.txt 2010-08-11 17:27:26 ----A---- C:\Windows\system32\mshtml.dll 2010-08-11 17:27:26 ----A---- C:\Windows\system32\iertutil.dll 2010-08-11 17:27:25 ----A---- C:\Windows\system32\urlmon.dll 2010-08-11 17:27:25 ----A---- C:\Windows\system32\ieframe.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\wininet.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\occache.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\mstime.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedssync.exe 2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeeds.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\jsproxy.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\ieUnatt.exe 2010-08-11 17:27:24 ----A---- C:\Windows\system32\ieui.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesysprep.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesetup.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iernonce.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iepeers.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iedkcs32.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\ie4uinit.exe 2010-08-11 17:27:15 ----A---- C:\Windows\system32\iccvid.dll 2010-08-11 17:27:14 ----A---- C:\Windows\system32\schannel.dll 2010-08-11 17:27:08 ----A---- C:\Windows\system32\win32k.sys 2010-08-11 17:27:04 ----A---- C:\Windows\system32\rtutils.dll 2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv2.sys 2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv.sys 2010-08-11 17:26:43 ----A---- C:\Windows\system32\msxml3.dll 2010-08-11 17:26:41 ----A---- C:\Windows\system32\drivers\tcpip.sys 2010-08-05 21:27:26 ----D---- C:\Users\dieryck\AppData\Roaming\Skype 2010-08-05 21:26:22 ----D---- C:\Program Files\Common Files\Skype 2010-08-05 21:26:21 ----RD---- C:\Program Files\Skype 2010-08-05 21:26:12 ----D---- C:\ProgramData\Skype 2010-08-03 11:00:12 ----A---- C:\Windows\system32\shell32.dll ======List of files/folders modified in the last 1 months====== 2010-08-25 15:24:17 ----D---- C:\Windows\Prefetch 2010-08-25 15:21:48 ----D---- C:\Windows\system32\drivers 2010-08-25 15:21:48 ----D---- C:\Windows 2010-08-25 15:15:52 ----D---- C:\Windows\Tasks 2010-08-25 15:13:43 ----A---- C:\Windows\system.ini 2010-08-25 15:13:29 ----D---- C:\Windows\system32\drivers\etc 2010-08-25 15:03:07 ----D---- C:\Windows\System32 2010-08-25 15:01:13 ----D---- C:\Windows\AppPatch 2010-08-25 15:01:13 ----D---- C:\Program Files\Common Files 2010-08-25 14:59:14 ----D---- C:\ProgramData\Google Updater 2010-08-24 23:32:36 ----RD---- C:\Program Files 2010-08-24 22:09:59 ----D---- C:\ProgramData 2010-08-24 22:04:48 ----D---- C:\Users\dieryck\AppData\Roaming\uTorrent 2010-08-24 20:58:12 ----SHD---- C:\Windows\Installer 2010-08-24 20:57:38 ----SHD---- C:\System Volume Information 2010-08-24 18:37:56 ----D---- C:\Windows\inf 2010-08-24 18:37:56 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-08-24 13:50:06 ----D---- C:\Windows\system32\wbem 2010-08-24 13:41:06 ----D---- C:\Windows\system32\catroot2 2010-08-23 12:33:00 ----D---- C:\Windows\Globalization 2010-08-23 11:38:19 ----D---- C:\Windows\Provisioning 2010-08-23 00:18:59 ----D---- C:\Windows\system32\Tasks 2010-08-23 00:03:43 ----D---- C:\Windows\system32\spool 2010-08-23 00:03:43 ----D---- C:\Windows\registration 2010-08-22 23:51:56 ----D---- C:\Windows\system32\Msdtc 2010-08-16 01:50:58 ----SD---- C:\Windows\Downloaded Program Files 2010-08-12 12:17:53 ----D---- C:\Windows\winsxs 2010-08-12 12:16:10 ----D---- C:\Windows\Microsoft.NET 2010-08-12 12:15:44 ----RSD---- C:\Windows\assembly 2010-08-12 12:04:51 ----D---- C:\Windows\system32\migration 2010-08-12 12:04:51 ----D---- C:\Program Files\Internet Explorer 2010-08-12 12:04:48 ----D---- C:\Program Files\Movie Maker 2010-08-12 11:44:26 ----D---- C:\Windows\system32\catroot 2010-08-12 11:44:19 ----D---- C:\Program Files\Windows Mail 2010-08-04 17:12:50 ----D---- C:\Program Files\Common Files\Adobe 2010-08-04 17:12:07 ----D---- C:\Program Files\Common Files\PX Storage Engine 2010-08-04 17:11:57 ----D---- C:\Program Files\Adobe 2010-08-03 20:12:23 ----HD---- C:\Program Files\InstallShield Installation Information 2010-08-03 20:12:23 ----D---- C:\Program Files\Electronic Arts 2010-08-03 20:10:17 ----D---- C:\Program Files\Pcsx2 2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe 2010-08-03 20:05:10 ----D---- C:\ProgramData\Media Center Programs 2010-08-03 08:45:01 ----D---- C:\Program Files\Mozilla Firefox 2010-08-02 07:15:14 ----A---- C:\Windows\win.ini 2010-08-01 22:50:42 ----HD---- C:\Windows\mw2mmgr32 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-17 44944] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-01 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-06-21 281760] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-06-21 25888] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-02 4179968] R3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-19 7680] R3 ovt530;Webcam Deluxe; C:\Windows\System32\Drivers\ov530vid.sys [2005-03-15 161792] R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-29 104448] R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2008-05-08 269824] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 mbr;mbr; \??\C:\Users\dieryck\AppData\Local\Temp\mbr.sys [] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-17 691696] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-01 720896] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376] R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-30 75064] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-31 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 183280] S3 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636] S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [2009-03-16 6562432] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF----------------- a+
  10. sacha99
    je up car je ne suis pas sur que tuaies vu mon edit
  11. sacha99
    J'ai hésité a le modifier moi-même vu le message d'erreur mais bon je préfère laisser faire les pros ^^ Pas de problèmes pour ton erreur merci de te dévouer comme ca voici quand même le premier rapport, je te poste le suivant dès que j'ai refait le script : ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows NT 6.0 (build 6002, Service Pack 2) Wed Aug 25 13:09:09 2010 13:09:03: Error: Invalid registry syntax in command: "[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP]" Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry key deletion mode) 13:09:09: Error: Execution aborted by user! ////////////////////////////////////////// ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows NT 6.0 (build 6002, Service Pack 2) Wed Aug 25 13:12:05 2010 13:11:55: Error: Invalid registry syntax in command: "[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP]" Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry key deletion mode) 13:12:00: Error: Invalid registry syntax in command: "[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP]" Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry key deletion mode) 13:12:02: Error: Invalid registry syntax in command: "[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP]" Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry key deletion mode) ////////////////////////////////////////// Logfile of The Avenger Version 2.0, © by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Driver "HHAKKP" deleted successfully. File "c:\windows\system32\drivers\hhakkp.sys" deleted successfully. Completed script processing. ******************* Finished! Terminate. EDIT : voila le deuxieme rapport. Par contre j'ai aussi un problème lorsque j'allume l'ordi, il s'éteint lorsqu'on arrive à la page de choix de session, lorsqu'on le rallume une deuxième fois, pas de problème par contre ! Et sinon antivir détecte a chaque allumage hhakkp comme un virus, j'ai mis l'option par défaut "deny access" dois je le deleter ? Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\HHAKKP" not found! Deletion of driver "HHAKKP" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\drivers\hhakkp.sys" not found! Deletion of file "c:\windows\system32\drivers\hhakkp.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP" deleted successfully. Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP" deleted successfully. Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate.
  12. sacha99
    Bonjour, Le logiciel me met error : invalid registry syntax in command......... only registry keys under the HKEY_... are accessible to this program
  13. sacha99
    Tu me stresses là voila le rapport : 1. ========================= SEAF 1.0.0.7 - C_XX 2. 3. Commencé à: 23:32:54 le 24/08/2010 4. 5. Valeur(s) recherchée(s): 6. 7. hhakkp 8. 9. (!) --- Recherche registre 10. 11. ====== Fichier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ====== 12. 13. "c:\Windows\System32\drivers\hhakkp.sys" [ ----A---- | 785408 ] 14. TC: 22/08/2010,23:25:30 | TM: 24/08/2010,23:35:48 | DA: 22/08/2010,23:25:30 15. 16. ========================= 17. 18. "c:\Qoobox\Quarantine\Registry_backups\Legacy_HHAKKP.reg.dat" [ ----A---- | 1076 ] 19. TC: 24/08/2010,00:10:10 | TM: 24/08/2010,13:51:44 | DA: 24/08/2010,00:10:10 20. 21. ========================= 22. 23. "c:\Qoobox\Quarantine\Registry_backups\Service_hhakkp.reg.dat" [ ----A---- | 74 ] 24. TC: 24/08/2010,00:10:10 | TM: 24/08/2010,13:51:44 | DA: 24/08/2010,00:10:10 25. 26. ========================= 27. 28. "c:\Qoobox\Quarantine\C\Windows\System32\drivers\_hhakkp_.sys.zip" [ ----A---- | 1563184 ] 29. TC: 24/08/2010,00:15:58 | TM: 24/08/2010,00:15:58 | DA: 24/08/2010,00:15:58 30. 31. ========================= 32. 33. ====== Dossier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ====== 34. 35. Aucun dossier trouvé 36. 37. 38. ====== Entrée(s) du registre ====== 39. 40. 41. 42. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000] 43. "DeviceDesc"="hhakkp" 44. 45. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000] 46. "Service"="hhakkp" 47. 48. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000\Control] 49. "ActiveService"="hhakkp" 50. 51. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP\0000] 52. "DeviceDesc"="hhakkp" 53. 54. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP\0000] 55. "Service"="hhakkp" 56. 57. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP\0000] 58. "DeviceDesc"="hhakkp" 59. 60. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP\0000] 61. "Service"="hhakkp" 62. 63. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP\0000\Control] 64. "ActiveService"="hhakkp" 65. 66. ========================= 67. 68. Fin à: 23:36:50 le 24/08/2010 ( E.O.F ) a+
  14. sacha99
    salut Voici le rapport : Logfile of The Avenger Version 2.0, © by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\hhakkp.sys" not found! Deletion of driver "c:\windows\system32\drivers\hhakkp.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf" not found! Deletion of driver "c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\kgpcpy.cfg" not found! Deletion of driver "c:\windows\system32\drivers\kgpcpy.cfg" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\kgpfr2.cfg" not found! Deletion of driver "c:\windows\system32\drivers\kgpfr2.cfg" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Folder "c:\programdata\STOPzilla!" deleted successfully. Folder "c:\users\dieryck\AppData\Local\epgkyeupn" deleted successfully. Error: could not open file "c:\windows\system32\drivers\hhakkp.sys" Deletion of file "c:\windows\system32\drivers\hhakkp.sys" failed! Status: 0xc0000001 (STATUS_UNSUCCESSFUL) File "c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf" deleted successfully. File "c:\windows\system32\drivers\kgpcpy.cfg" deleted successfully. File "c:\windows\system32\drivers\kgpfr2.cfg" deleted successfully. Completed script processing. ******************* Finished! Terminate. A+
  15. sacha99
    Bon voici les 3 rapports que tu m'as demandé mais l'ordi est devenu beaucoup plus lent et il n'arrive plus à s'éteindre, je suis obligé de forcer l'extinction ! le rapport rkill : This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as dieryck on 24/08/2010 at 17:47:16. Processes terminated by Rkill or while it was running: C:\Users\dieryck\Downloads\rkill.scr Rkill completed on 24/08/2010 at 17:47:19. le rapport tdsskiller qui n'a par contre trouvé aucuns malicious objects, "juste" des suspicious files pour lesquelles j'ai conservé l'action par défaut c'est à dire skip. 2010/08/24 17:50:58.0507 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23 2010/08/24 17:50:58.0508 ================================================================================ 2010/08/24 17:50:58.0508 SystemInfo: 2010/08/24 17:50:58.0508 2010/08/24 17:50:58.0508 OS Version: 6.0.6002 ServicePack: 2.0 2010/08/24 17:50:58.0508 Product type: Workstation 2010/08/24 17:50:58.0508 ComputerName: PC-DE-DIERYCK 2010/08/24 17:50:58.0508 UserName: dieryck 2010/08/24 17:50:58.0508 Windows directory: C:\Windows 2010/08/24 17:50:58.0508 System windows directory: C:\Windows 2010/08/24 17:50:58.0508 Processor architecture: Intel x86 2010/08/24 17:50:58.0508 Number of processors: 2 2010/08/24 17:50:58.0508 Page size: 0x1000 2010/08/24 17:50:58.0508 Boot type: Normal boot 2010/08/24 17:50:58.0508 ================================================================================ 2010/08/24 17:51:06.0209 Initialize success 2010/08/24 17:51:13.0369 ================================================================================ 2010/08/24 17:51:13.0369 Scan started 2010/08/24 17:51:13.0369 Mode: Manual; 2010/08/24 17:51:13.0369 ================================================================================ 2010/08/24 17:51:14.0292 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2010/08/24 17:51:14.0351 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2010/08/24 17:51:14.0419 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2010/08/24 17:51:14.0470 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2010/08/24 17:51:14.0510 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2010/08/24 17:51:14.0627 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2010/08/24 17:51:14.0689 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2010/08/24 17:51:14.0742 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2010/08/24 17:51:14.0789 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2010/08/24 17:51:14.0830 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2010/08/24 17:51:14.0873 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2010/08/24 17:51:14.0912 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2010/08/24 17:51:14.0951 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2010/08/24 17:51:15.0058 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2010/08/24 17:51:15.0104 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2010/08/24 17:51:15.0145 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/08/24 17:51:15.0185 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2010/08/24 17:51:15.0315 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys 2010/08/24 17:51:15.0477 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys 2010/08/24 17:51:15.0548 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/08/24 17:51:15.0595 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys 2010/08/24 17:51:15.0647 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\Windows\system32\DRIVERS\avipbb.sys 2010/08/24 17:51:15.0695 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2010/08/24 17:51:15.0738 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2010/08/24 17:51:15.0773 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2010/08/24 17:51:15.0810 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2010/08/24 17:51:15.0853 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2010/08/24 17:51:15.0895 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2010/08/24 17:51:15.0924 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2010/08/24 17:51:15.0959 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2010/08/24 17:51:15.0979 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2010/08/24 17:51:16.0003 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2010/08/24 17:51:16.0048 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2010/08/24 17:51:16.0084 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2010/08/24 17:51:16.0120 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2010/08/24 17:51:16.0168 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2010/08/24 17:51:16.0217 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2010/08/24 17:51:16.0251 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys 2010/08/24 17:51:16.0286 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2010/08/24 17:51:16.0315 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2010/08/24 17:51:16.0386 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2010/08/24 17:51:16.0429 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2010/08/24 17:51:16.0493 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2010/08/24 17:51:16.0562 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys 2010/08/24 17:51:16.0619 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2010/08/24 17:51:16.0746 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2010/08/24 17:51:16.0904 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2010/08/24 17:51:16.0946 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2010/08/24 17:51:17.0011 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2010/08/24 17:51:17.0075 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2010/08/24 17:51:17.0102 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2010/08/24 17:51:17.0157 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2010/08/24 17:51:17.0196 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2010/08/24 17:51:17.0230 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/08/24 17:51:17.0261 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2010/08/24 17:51:17.0310 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2010/08/24 17:51:17.0348 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2010/08/24 17:51:17.0400 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2010/08/24 17:51:17.0488 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 2010/08/24 17:51:17.0545 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/08/24 17:51:17.0583 Suspicious service (NoAccess): hhakkp 2010/08/24 17:51:17.0653 hhakkp (9dd55346430319b1377478a132658426) C:\Windows\system32\drivers\hhakkp.sys 2010/08/24 17:51:17.0653 Suspicious file (NoAccess): C:\Windows\system32\drivers\hhakkp.sys. md5: 9dd55346430319b1377478a132658426 2010/08/24 17:51:17.0662 hhakkp - detected Locked service (1) 2010/08/24 17:51:17.0696 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2010/08/24 17:51:17.0731 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2010/08/24 17:51:17.0778 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2010/08/24 17:51:17.0839 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2010/08/24 17:51:17.0947 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2010/08/24 17:51:18.0015 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2010/08/24 17:51:18.0060 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/08/24 17:51:18.0106 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2010/08/24 17:51:18.0188 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2010/08/24 17:51:18.0252 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2010/08/24 17:51:18.0276 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2010/08/24 17:51:18.0311 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/08/24 17:51:18.0375 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2010/08/24 17:51:18.0418 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2010/08/24 17:51:18.0451 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2010/08/24 17:51:18.0498 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\drivers\is3srv.sys 2010/08/24 17:51:18.0528 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2010/08/24 17:51:18.0576 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/08/24 17:51:18.0609 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2010/08/24 17:51:18.0647 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2010/08/24 17:51:18.0672 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/08/24 17:51:18.0711 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/08/24 17:51:18.0784 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2010/08/24 17:51:18.0867 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys 2010/08/24 17:51:18.0895 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2010/08/24 17:51:18.0947 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2010/08/24 17:51:18.0985 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2010/08/24 17:51:19.0019 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2010/08/24 17:51:19.0052 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2010/08/24 17:51:19.0094 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2010/08/24 17:51:19.0142 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2010/08/24 17:51:19.0183 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2010/08/24 17:51:19.0201 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2010/08/24 17:51:19.0236 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2010/08/24 17:51:19.0255 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2010/08/24 17:51:19.0280 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2010/08/24 17:51:19.0318 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2010/08/24 17:51:19.0353 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2010/08/24 17:51:19.0400 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2010/08/24 17:51:19.0436 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2010/08/24 17:51:19.0503 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/08/24 17:51:19.0544 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/08/24 17:51:19.0622 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/08/24 17:51:19.0663 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 2010/08/24 17:51:19.0702 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2010/08/24 17:51:19.0765 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2010/08/24 17:51:19.0787 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2010/08/24 17:51:19.0826 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2010/08/24 17:51:19.0890 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/08/24 17:51:19.0926 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2010/08/24 17:51:19.0967 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2010/08/24 17:51:19.0998 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/08/24 17:51:20.0031 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2010/08/24 17:51:20.0092 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys 2010/08/24 17:51:20.0130 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2010/08/24 17:51:20.0190 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2010/08/24 17:51:20.0287 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2010/08/24 17:51:20.0347 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/08/24 17:51:20.0392 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/08/24 17:51:20.0450 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/08/24 17:51:20.0488 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2010/08/24 17:51:20.0523 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2010/08/24 17:51:20.0568 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2010/08/24 17:51:20.0651 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2010/08/24 17:51:20.0732 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2010/08/24 17:51:20.0778 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2010/08/24 17:51:20.0844 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2010/08/24 17:51:20.0935 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2010/08/24 17:51:20.0972 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2010/08/24 17:51:20.0999 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2010/08/24 17:51:21.0038 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2010/08/24 17:51:21.0081 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2010/08/24 17:51:21.0195 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 2010/08/24 17:51:21.0263 ovt530 (71cffb1e06aa8978a7b4a346c191f8ba) C:\Windows\system32\Drivers\ov530vid.sys 2010/08/24 17:51:21.0313 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 2010/08/24 17:51:21.0346 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2010/08/24 17:51:21.0398 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 2010/08/24 17:51:21.0449 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2010/08/24 17:51:21.0496 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 2010/08/24 17:51:21.0539 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2010/08/24 17:51:21.0597 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2010/08/24 17:51:21.0764 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2010/08/24 17:51:21.0837 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2010/08/24 17:51:21.0962 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2010/08/24 17:51:22.0064 PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\Windows\system32\DRIVERS\psi_mf.sys 2010/08/24 17:51:22.0129 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys 2010/08/24 17:51:22.0229 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2010/08/24 17:51:22.0318 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2010/08/24 17:51:22.0359 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2010/08/24 17:51:22.0397 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2010/08/24 17:51:22.0453 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/08/24 17:51:22.0513 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/08/24 17:51:22.0565 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2010/08/24 17:51:22.0613 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2010/08/24 17:51:22.0651 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/08/24 17:51:22.0705 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 2010/08/24 17:51:22.0744 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2010/08/24 17:51:22.0796 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2010/08/24 17:51:22.0853 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2010/08/24 17:51:22.0895 RTL8169 (8cca591019216e9523e3cb385ce643e6) C:\Windows\system32\DRIVERS\Rtlh86.sys 2010/08/24 17:51:22.0926 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2010/08/24 17:51:22.0990 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/08/24 17:51:23.0033 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 2010/08/24 17:51:23.0064 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 2010/08/24 17:51:23.0099 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2010/08/24 17:51:23.0153 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 2010/08/24 17:51:23.0184 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2010/08/24 17:51:23.0210 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 2010/08/24 17:51:23.0244 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2010/08/24 17:51:23.0286 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2010/08/24 17:51:23.0329 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 2010/08/24 17:51:23.0370 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2010/08/24 17:51:23.0429 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2010/08/24 17:51:23.0492 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2010/08/24 17:51:23.0574 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2010/08/24 17:51:23.0574 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2010/08/24 17:51:23.0583 sptd - detected Locked file (1) 2010/08/24 17:51:23.0631 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys 2010/08/24 17:51:23.0699 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys 2010/08/24 17:51:23.0755 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys 2010/08/24 17:51:23.0820 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\Windows\system32\DRIVERS\ssmdrv.sys 2010/08/24 17:51:23.0856 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2010/08/24 17:51:23.0903 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2010/08/24 17:51:23.0943 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2010/08/24 17:51:23.0981 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2010/08/24 17:51:24.0125 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2010/08/24 17:51:24.0200 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2010/08/24 17:51:24.0240 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2010/08/24 17:51:24.0276 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2010/08/24 17:51:24.0310 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2010/08/24 17:51:24.0357 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2010/08/24 17:51:24.0398 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2010/08/24 17:51:24.0462 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/08/24 17:51:24.0498 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2010/08/24 17:51:24.0570 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2010/08/24 17:51:24.0614 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2010/08/24 17:51:24.0660 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2010/08/24 17:51:24.0715 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 2010/08/24 17:51:24.0763 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2010/08/24 17:51:24.0811 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2010/08/24 17:51:24.0873 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2010/08/24 17:51:24.0912 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2010/08/24 17:51:24.0989 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys 2010/08/24 17:51:25.0031 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2010/08/24 17:51:25.0070 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/08/24 17:51:25.0114 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2010/08/24 17:51:25.0173 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2010/08/24 17:51:25.0207 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2010/08/24 17:51:25.0269 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2010/08/24 17:51:25.0324 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2010/08/24 17:51:25.0354 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/08/24 17:51:25.0381 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/08/24 17:51:25.0421 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/08/24 17:51:25.0453 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2010/08/24 17:51:25.0487 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2010/08/24 17:51:25.0524 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2010/08/24 17:51:25.0589 VIAHdAudAddService (8e0e128c2b53c1316e3ea5708d0d3c8c) C:\Windows\system32\drivers\viahduaa.sys 2010/08/24 17:51:25.0630 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2010/08/24 17:51:25.0666 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2010/08/24 17:51:25.0722 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2010/08/24 17:51:25.0772 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2010/08/24 17:51:25.0822 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2010/08/24 17:51:25.0892 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2010/08/24 17:51:25.0933 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/08/24 17:51:25.0948 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/08/24 17:51:25.0987 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2010/08/24 17:51:26.0026 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2010/08/24 17:51:26.0137 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 2010/08/24 17:51:26.0224 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2010/08/24 17:51:26.0262 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2010/08/24 17:51:26.0313 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/08/24 17:51:26.0362 ================================================================================ 2010/08/24 17:51:26.0363 Scan finished 2010/08/24 17:51:26.0363 ================================================================================ 2010/08/24 17:51:26.0376 Detected object count: 2 2010/08/24 17:52:12.0963 Locked service(hhakkp) - User select action: Skip 2010/08/24 17:52:12.0963 Locked file(sptd) - User select action: Skip 2010/08/24 17:54:52.0179 Deinitialize success Et enfin le dernier rapport Combofix : ComboFix 10-08-23.06 - dieryck 24/08/2010 18:08:08.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.2046.1217 [GMT 2:00] Lancé depuis: c:\users\dieryck\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-07-24 au 2010-08-24 )))))))))))))))))))))))))))))))))))) . 2010-08-24 16:18 . 2010-08-24 16:19 -------- d-----w- c:\users\dieryck\AppData\Local\temp 2010-08-24 16:18 . 2010-08-24 16:18 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-08-24 16:18 . 2010-08-24 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-23 14:43 . 2010-08-24 11:01 -------- d-----w- c:\program files\trend micro 2010-08-23 14:43 . 2010-08-23 14:43 -------- d-----w- C:\rsit 2010-08-23 09:58 . 2010-08-24 16:02 -------- d-----w- c:\programdata\STOPzilla! 2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\users\dieryck\AppData\Roaming\Malwarebytes 2010-08-23 09:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\programdata\Malwarebytes 2010-08-23 09:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-22 21:25 . 2010-08-23 09:34 -------- d-----w- c:\users\dieryck\AppData\Local\epgkyeupn 2010-08-20 19:32 . 2010-06-04 21:39 -------- d-----w- c:\users\dieryck\Tome 33 2010-08-11 15:26 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-11 15:26 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-11 15:26 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-11 15:26 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-11 15:26 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-11 15:26 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-05 19:27 . 2010-08-24 16:00 -------- d-----w- c:\users\dieryck\AppData\Roaming\Skype 2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\program files\Common Files\Skype 2010-08-05 19:26 . 2010-08-05 19:27 -------- d-----r- c:\program files\Skype 2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\programdata\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-24 16:02 . 2008-01-21 08:40 678804 ----a-w- c:\windows\system32\perfh00C.dat 2010-08-24 16:02 . 2008-01-21 08:40 126420 ----a-w- c:\windows\system32\perfc00C.dat 2010-08-24 16:01 . 2010-08-24 15:58 1040 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2010-08-24 16:00 . 2010-08-24 15:58 344 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg 2010-08-24 11:58 . 2009-03-31 19:49 -------- d-----w- c:\programdata\Google Updater 2010-08-23 20:23 . 2010-08-23 20:23 785408 ----a-w- c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf 2010-08-16 17:26 . 2009-08-25 09:59 -------- d-----w- c:\users\dieryck\AppData\Roaming\uTorrent 2010-08-12 09:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-04 15:12 . 2009-03-28 16:42 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-04 15:12 . 2010-03-28 12:18 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-08-03 18:12 . 2009-01-05 15:20 -------- d-----w- c:\program files\Electronic Arts 2010-08-03 18:12 . 2008-12-30 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-03 18:10 . 2010-05-14 15:28 -------- d-----w- c:\program files\Pcsx2 2010-08-03 18:05 . 2009-01-03 16:51 -------- d-----w- c:\programdata\Media Center Programs 2010-06-28 20:00 . 2010-06-28 20:00 -------- d-----w- c:\programdata\2DBoy 2010-06-28 19:57 . 2010-06-28 19:57 -------- d-----w- c:\program files\WorldOfGoo 2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\users\dieryck\AppData\Roaming\Ubisoft 2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\programdata\Ubisoft 2010-06-28 19:31 . 2009-01-01 12:42 -------- d-----w- c:\program files\Ubisoft 2010-06-26 18:40 . 2010-06-26 18:40 -------- d-----w- c:\program files\Microsoft.NET 2010-06-26 06:05 . 2010-08-11 15:27 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-11 15:27 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-11 15:27 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-11 15:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-11 15:27 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-18 17:31 . 2010-08-11 15:27 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-06-15 19:12 . 2009-09-22 15:56 1 ----a-w- c:\users\dieryck\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-06-13 15:52 . 2008-12-30 17:12 70728 ----a-w- c:\users\dieryck\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-13 12:16 . 2009-03-01 17:11 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-06-11 16:16 . 2010-08-11 15:27 274944 ----a-w- c:\windows\system32\schannel.dll 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-05-27 20:08 . 2010-08-11 15:27 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-05-26 17:06 . 2010-06-09 11:11 34304 ----a-w- c:\windows\system32\atmlib.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "Sys32V2Contoller"="c:\windows\mw2mmgr32\mw2mmgr32.exe" [2010-05-21 221696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] path=c:\users\dieryck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe] 2008-07-11 16:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):d3,2b,ea,32,0e,ec,c9,01 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 133104] R3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] --- Autres Services/Pilotes en mémoire --- *Deregistered* - hhakkp [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' 2010-08-24 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 19:49] 2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50] 2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50] 2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job - c:\windows\system32\msfeedssync.exe [2010-08-11 04:24] . . ------- Examen supplémentaire ------- . uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:6522 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab FF - ProfilePath - c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\ FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-24 18:19 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hhakkp] . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:59,ec,77,a3,8e,6b,ae,21,bd,c8,4c,e1,0c,0c,75,e3,a1,e0,dd,60,14,d2,bd, 6f,49,d6,53,88,73,c1,b2,0a,14,9d,fc,7c,70,2e,cc,47,d9,e8,cc,54,ac,2f,6e,55,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\License information*] "datasecu"=hex:f1,82,c5,2f,1a,7b,3f,08,b3,8d,65,1e,fd,3c,2e,01,84,bb,27,20,a2, eb,d1,45,37,a2,40,bc,8b,72,89,48,4e,b1,a5,ba,2c,18,4b,38,b7,03,2d,96,2d,4c,\ "rkeysecu"=hex:60,72,c7,18,69,1d,ba,a6,c9,1a,ad,56,62,96,a5,65 . Heure de fin: 2010-08-24 18:22:16 ComboFix-quarantined-files.txt 2010-08-24 16:22 ComboFix2.txt 2010-08-24 12:07 Avant-CF: 38.634.483.712 octets libres Après-CF: 38.601.392.128 octets libres - - End Of File - - E4B1AF2FF45ADA1A45C2A68D9F043EC6 a+
×
×
  • Créer...