

sacha99

Everything posted by sacha99
Problem with Security Tool
sacha99 replied to a topic by sacha99 in Malware analysis and removal

I have just tested it and it looks perfect! Many thanks.
Problem with Security Tool
sacha99 replied to a topic by sacha99 in Malware analysis and removal

Here it is:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6182

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

27/03/2011 13:38:35
mbam-log-2011-03-27 (13-38-35).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 429011
Time elapsed: 1 hour(s), 13 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Problem with Security Tool
sacha99 replied to a topic by sacha99 in Malware analysis and removal

Here is the report; MBAM is running at the moment...

ZHPFix report 1.12.3264 by Nicolas Coolman, update of 25/03/2011
Registry export file:
Run by dieryck at 27/03/2011 12:23:30
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : ZHPFix Fix de rapport
Contact : nicolascoolman@yahoo.fr

========== File(s) ==========
c:\users\dieryck\desktop\autopano pro.lnk => Deleted and quarantined
c:\program files\kolor\autopano pro\autopano_win32.exe => Deleted and quarantined
c:\users\dieryck\appdata\roaming\microsoft\internet explorer\quick launch\autopano pro.lnk => Deleted and quarantined
c:\users\dieryck\appdata\roaming\microsoft\internet explorer\quick launch\lightroom 3.3.lnk => Deleted and quarantined
c:\program files\adobe\adobe photoshop lightroom 3.3\lightroom.exe => Deleted and quarantined

========== Summary ==========
5 : File(s)

End of the scan
Problem with Security Tool
sacha99 replied to a topic by sacha99 in Malware analysis and removal

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6182

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

27/03/2011 12:41:44
mbam-log-2011-03-27 (12-41-44).txt

Scan type: Quick scan
Objects scanned: 166513
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\attrdkey (Spyware.Agent) -> Value: attrdkey -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\dieryck\AppData\Local\temp\cmdk

RKill

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 27/03/2011 at 12:45:37.
Operating System: Windows Vista Home Premium

Processes terminated by Rkill or while it was running:

C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe

Rkill completed on 27/03/2011 at 12:45:39.
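The quick-scan log in the post above is the kind of thing a helper on this forum reads by hand: a Run value (persistence), the ProxyServer setting under HKCU (the same loopback proxy, http=127.0.0.1:6522, that shows up in the ComboFix and HijackThis logs of the older thread further down), and a file under the user's temp folder whose line is cut off where the RKill log was pasted over it. The following Python is an added example, not code from this thread and not Malwarebytes' own tooling. It parses an MBAM 1.x log, applies those three checks (Run-key persistence, hijacked browser proxy, item list shorter than the counters say), and includes a small parser for the WinINet ProxyServer value format. The English field names, the regular expressions and the triage rules are my assumptions about the log format rather than anything the thread states; the sample log is the posted quick-scan log transcribed with those English names and abridged.

```python
"""MBAM 1.x log triage. Added example for this thread; not code from the forum
or from Malwarebytes. English field names, regexes and rules are assumptions."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: the quick-scan log posted above, abridged and with the
# English field names. The Files section is cut off exactly as in the post.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6182

Scan type: Quick scan
Objects scanned: 166513

Registry Keys Infected: 0
Registry Values Infected: 2
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\attrdkey (Spyware.Agent) -> Value: attrdkey -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Files Infected:
c:\Users\dieryck\AppData\Local\temp\cmdk
"""

COUNTER_RE = re.compile(r"^(?P<cat>.+?) Infected: (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>.+?) Infected:$")
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)(?: \((?P<name>[^()]+)\))?"
    r"(?: -> Value: (?P<value>\S+))?(?: -> (?P<action>.+?)\.?)?$")


@dataclass
class Detection:
    category: str
    path: str
    name: str | None
    value: str | None
    action: str | None


@dataclass
class Report:
    scan_type: str = ""
    counters: dict[str, int] = field(default_factory=dict)
    detections: list[Detection] = field(default_factory=list)


def parse_mbam_log(text: str) -> Report:
    """Collect the summary counters and every listed detection."""
    report, section = Report(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            section = None  # a detail section ends at the blank line
        elif line.startswith("Scan type: "):
            report.scan_type = line.split(": ", 1)[1]
        elif m := COUNTER_RE.match(line):
            report.counters[m["cat"]] = int(m["n"])
        elif m := SECTION_RE.match(line):
            section = m["cat"]
        elif section and line != "(No malicious items detected)":
            d = DETECTION_RE.match(line)  # always matches a non-empty line
            report.detections.append(
                Detection(section, d["path"], d["name"], d["value"], d["action"]))
    return report


def loopback_proxy(proxy_server: str) -> bool:
    """True if a WinINet ProxyServer value ("host:port" or "proto=host:port;...")
    routes any protocol to this machine, as http=127.0.0.1:6522 does on this page."""
    for entry in proxy_server.split(";"):
        host = entry.split("=", 1)[-1].strip().rsplit(":", 1)[0].strip("[]")
        if host.lower() in {"127.0.0.1", "localhost", "::1"}:
            return True
    return False


def triage(report: Report) -> list[str]:
    """The findings a helper would raise from the parsed log."""
    findings = []
    for d in report.detections:
        low = d.path.lower()
        if "\\currentversion\\run\\" in low:
            findings.append(f"persistence: Run value '{d.value}' ({d.name})")
        if low.endswith("\\internet settings\\proxyserver"):
            findings.append("proxy hijack: HKCU ProxyServer was set by malware; "
                            "check no 127.0.0.1 proxy remains after the reboot")
    listed = Counter(d.category for d in report.detections)
    for cat, n in report.counters.items():
        if n != listed[cat]:
            findings.append(f"incomplete log: {n} {cat} counted but "
                            f"{listed[cat]} listed (cut off when pasted?)")
    return findings
```

Run it with `triage(parse_mbam_log(SAMPLE_LOG))`: it reports the attrdkey Run value, the proxy hijack, and that the Files section lists one item where the counter says two, which is exactly the cut-off visible in the post. The counter-versus-list check is cheap and catches the most common reason a helper asks for a log to be posted again.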
Problem with Security Tool
sacha99 replied to a topic by sacha99 in Malware analysis and removal

Thanks for your help. Here is the link: Cijoint.fr - Free file hosting service
Problem with Security Tool
sacha99 replied to a topic by sacha99 in Malware analysis and removal

I'm posting the MBAM reports already while I install the other program. There are two because I ran a quick scan, and since it found nothing I then ran a full scan.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4465

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

25/03/2011 16:27:37
mbam-log-2011-03-25 (16-27-37).txt

Scan type: Quick scan
Objects scanned: 142008
Time elapsed: 11 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4465

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

25/03/2011 21:34:13
mbam-log-2011-03-25 (21-34-13).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 404254
Time elapsed: 2 hour(s), 39 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Users\dieryck
Problem with Security Tool
sacha99 replied to a topic by sacha99 in Malware analysis and removal

Hello again, I had indeed completely forgotten. But I have just tried a system restore in safe mode and it finds no restore point, even though I'm sure it was enabled. I suppose the virus took care of that --' What can I try now, given that I have already run Malwarebytes Anti-Malware?

Hello everyone, through carelessness I downloaded Security Tool. I tried to follow this tutorial: http://forum.zebulon.fr/security-tool-comment-le-supprimer-t180074.html but I'm stuck at step 2: I can't find the executable in the local folder. As for the following steps, I had already run AntiVir and Malwarebytes in safe mode, but they found nothing. Thanks in advance for your advice. Regards, Sacha
My computer was infected by vsbntlo
sacha99 replied to a topic by sacha99 in Malware analysis and removal

No improvement: I still have to force the computer to shut down. Startup worked this time, but I don't know whether it does every time.

ComboFix 10-08-24.0A - dieryck 25/08/2010 14:58:02.2.2 - x86
Launched from: c:\users\dieryck\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

An infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!wininit.exe
.
(((((((((((((((((((((((((((((   Files Created from 2010-07-25 to 2010-08-25   ))))))))))))))))))))))))))))))))))))
.

2010-08-25 13:03 . 2010-08-25 13:03  --------  d-----w-  c:\users\Public\AppData\Local\temp
2010-08-25 13:03 . 2010-08-25 13:03  --------  d-----w-  c:\users\Default\AppData\Local\temp
2010-08-24 21:32 . 2010-08-24 21:36  --------  d-----w-  c:\program files\SEAF
2010-08-24 18:58 . 2010-08-24 18:58  --------  d-----w-  c:\program files\Kolor
2010-08-24 16:22 . 2010-08-25 13:14  --------  d-----w-  c:\users\dieryck\AppData\Local\temp
2010-08-23 14:43 . 2010-08-24 11:01  --------  d-----w-  c:\program files\trend micro
2010-08-23 14:43 . 2010-08-23 14:43  --------  d-----w-  C:\rsit
2010-08-23 09:08 . 2010-08-23 09:08  --------  d-----w-  c:\users\dieryck\AppData\Roaming\Malwarebytes
2010-08-23 09:08 . 2010-04-29 13:39  38224     ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 09:08 . 2010-08-23 09:08  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-08-23 09:08 . 2010-08-23 09:08  --------  d-----w-  c:\programdata\Malwarebytes
2010-08-23 09:08 . 2010-04-29 13:39  20952     ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-08-20 19:32 . 2010-06-04 21:39  --------  d-----w-  c:\users\dieryck\Tome 33
2010-08-11 15:26 . 2010-06-08 17:35  3548040   ----a-w-  c:\windows\system32\ntoskrnl.exe
2010-08-11 15:26 . 2010-06-08 17:35  3600768   ----a-w-  c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:26 . 2010-06-18 15:04  302080    ----a-w-  c:\windows\system32\drivers\srv.sys
2010-08-11 15:26 . 2010-06-18 15:04  144896    ----a-w-  c:\windows\system32\drivers\srv2.sys
2010-08-11 15:26 . 2010-06-11 16:15  1248768   ----a-w-  c:\windows\system32\msxml3.dll
2010-08-11 15:26 . 2010-06-16 16:04  905088    ----a-w-  c:\windows\system32\drivers\tcpip.sys
2010-08-05 19:27 . 2010-08-25 13:14  --------  d-----w-  c:\users\dieryck\AppData\Roaming\Skype
2010-08-05 19:26 . 2010-08-05 19:26  --------  d-----w-  c:\program files\Common Files\Skype
2010-08-05 19:26 . 2010-08-05 19:27  --------  d-----r-  c:\program files\Skype
2010-08-05 19:26 . 2010-08-05 19:26  --------  d-----w-  c:\programdata\Skype

.
((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 12:59 . 2009-03-31 19:49  --------  d-----w-  c:\programdata\Google Updater
2010-08-24 20:04 . 2009-08-25 09:59  --------  d-----w-  c:\users\dieryck\AppData\Roaming\uTorrent
2010-08-24 16:37 . 2008-01-21 08:40  678804    ----a-w-  c:\windows\system32\perfh00C.dat
2010-08-24 16:37 . 2008-01-21 08:40  126420    ----a-w-  c:\windows\system32\perfc00C.dat
2010-08-12 09:44 . 2006-11-02 11:18  --------  d-----w-  c:\program files\Windows Mail
2010-08-04 15:12 . 2009-03-28 16:42  --------  d-----w-  c:\program files\Common Files\Adobe
2010-08-04 15:12 . 2010-03-28 12:18  --------  d-----w-  c:\program files\Common Files\PX Storage Engine
2010-08-03 18:12 . 2009-01-05 15:20  --------  d-----w-  c:\program files\Electronic Arts
2010-08-03 18:12 . 2008-12-30 18:07  --------  d--h--w-  c:\program files\InstallShield Installation Information
2010-08-03 18:10 . 2010-05-14 15:28  --------  d-----w-  c:\program files\Pcsx2
2010-08-03 18:05 . 2009-01-03 16:51  --------  d-----w-  c:\programdata\Media Center Programs
2010-06-28 20:00 . 2010-06-28 20:00  --------  d-----w-  c:\programdata\2DBoy
2010-06-28 19:57 . 2010-06-28 19:57  --------  d-----w-  c:\program files\WorldOfGoo
2010-06-28 19:43 . 2010-06-28 19:43  --------  d-----w-  c:\users\dieryck\AppData\Roaming\Ubisoft
2010-06-28 19:43 . 2010-06-28 19:43  --------  d-----w-  c:\programdata\Ubisoft
2010-06-28 19:31 . 2009-01-01 12:42  --------  d-----w-  c:\program files\Ubisoft
2010-06-26 18:40 . 2010-06-26 18:40  --------  d-----w-  c:\program files\Microsoft.NET
2010-06-26 06:05 . 2010-08-11 15:27  916480    ----a-w-  c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 15:27  71680     ----a-w-  c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 15:27  109056    ----a-w-  c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 15:27  133632    ----a-w-  c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 15:27  2037760   ----a-w-  c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 15:27  36864     ----a-w-  c:\windows\system32\rtutils.dll
2010-06-15 19:12 . 2009-09-22 15:56  1         ----a-w-  c:\users\dieryck\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-13 15:52 . 2008-12-30 17:12  70728     ----a-w-  c:\users\dieryck\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-13 12:16 . 2009-03-01 17:11  411368    ----a-w-  c:\windows\system32\deploytk.dll
2010-06-11 16:16 . 2010-08-11 15:27  274944    ----a-w-  c:\windows\system32\schannel.dll
2010-06-03 02:41 . 2010-06-03 02:41  3600384   ----a-w-  c:\windows\system32\GPhotos.scr
2010-05-27 20:08 . 2010-08-11 15:27  81920     ----a-w-  c:\windows\system32\iccvid.dll
.

(((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Sys32V2Contoller"="c:\windows\mw2mmgr32\mw2mmgr32.exe" [2010-05-21 221696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\dieryck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08  35696  ----a-w-  c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2008-07-11 16:51  423200  ----a-w-  c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06  142120  ----a-w-  c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44  3883856  ----a-w-  c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53  421888  ----a-w-  c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25  202240  ----a-w-  c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d3,2b,ea,32,0e,ec,c9,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]
R3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-17 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2005-03-15 161792]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-05-08 269824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 19:49]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50]

2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
FF - ProfilePath - c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-25 15:13
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:59,ec,77,a3,8e,6b,ae,21,bd,c8,4c,e1,0c,0c,75,e3,a1,e0,dd,60,14,d2,bd,
   6f,49,d6,53,88,73,c1,b2,0a,14,9d,fc,7c,70,2e,cc,47,d9,e8,cc,54,ac,2f,6e,55,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\License information*]
"datasecu"=hex:f1,82,c5,2f,1a,7b,3f,08,b3,8d,65,1e,fd,3c,2e,01,84,bb,27,20,a2,
   eb,d1,45,37,a2,40,bc,8b,72,89,48,4e,b1,a5,ba,2c,18,4b,38,b7,03,2d,96,2d,4c,\
"rkeysecu"=hex:60,72,c7,18,69,1d,ba,a6,c9,1a,ad,56,62,96,a5,65
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2492)
c:\program files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\Secunia\PSI\psi.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-25 15:21:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-25 13:21
ComboFix2.txt 2010-08-24 16:22
ComboFix3.txt 2010-08-24 12:07

Pre-Run: 31.019.708.416 bytes free
Post-Run: 30.884.646.912 bytes free

- - End Of File - - B04D7E6053F119AEE8762E76FEB60DBB

and the RSIT report:

Logfile of random's system information tool 1.08 (written by random/random)
Run by dieryck at 2010-08-25 15:24:14
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 29 GB (6%) free of 477 GB
Total RAM: 2046 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:24:17, on 25/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\dieryck\Desktop\RSIT.exe
C:\Program Files\trend micro\dieryck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sys32V2Contoller] C:\Windows\mw2mmgr32\mw2mmgr32.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100
(fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service Google Update (gupdate1c9b239ebb99295) (gupdate1c9b239ebb99295) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - 
C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - 
C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe 
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 
(wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - 
C:\Windows\system32\svchost.exe O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 22121 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-31 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-13 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120] "Sys32V2Contoller"=C:\Windows\mw2mmgr32\mw2mmgr32.exe [2010-05-21 221696] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "DAEMON Tools Lite"=C:\Program 
Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [2008-07-11 423200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk] C:\PROGRA~1\APACHE~1\Apache2.2\bin\APACHE~1.EXE [2009-08-06 41051] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-12-15 384000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2010-08-25 15:21:48 ----D---- C:\Windows\temp 2010-08-25 15:21:46 ----A---- C:\ComboFix.txt 2010-08-25 15:13:33 ----D---- C:\$RECYCLE.BIN 2010-08-25 14:53:13 ----A---- C:\Windows\SWXCACLS.exe 2010-08-25 13:20:41 ----A---- C:\avenger.txt 2010-08-24 23:36:50 ----A---- C:\SEAFlog.txt 2010-08-24 23:32:54 ----A---- C:\TmpSeaf.txt 2010-08-24 23:32:36 ----D---- C:\Program Files\SEAF 2010-08-24 22:09:59 ----D---- C:\Avenger 2010-08-24 20:58:12 ----D---- C:\Program Files\Kolor 2010-08-24 18:03:24 ----A---- C:\Windows\PEV.exe 2010-08-24 17:50:58 ----A---- C:\TDSSKiller.2.4.1.2_24.08.2010_17.50.58_log.txt 2010-08-24 13:54:20 ----ASH---- C:\hiberfil.sys 2010-08-24 00:00:54 ----A---- C:\Windows\NIRCMD.exe 2010-08-23 22:35:16 ----A---- C:\Windows\zip.exe 2010-08-23 22:35:16 ----A---- C:\Windows\SWSC.exe 2010-08-23 
22:35:16 ----A---- C:\Windows\SWREG.exe 2010-08-23 22:35:16 ----A---- C:\Windows\sed.exe 2010-08-23 22:35:16 ----A---- C:\Windows\MBR.exe 2010-08-23 22:35:16 ----A---- C:\Windows\grep.exe 2010-08-23 22:35:10 ----D---- C:\Windows\ERDNT 2010-08-23 22:33:52 ----D---- C:\Qoobox 2010-08-23 16:43:47 ----D---- C:\Program Files\trend micro 2010-08-23 16:43:46 ----D---- C:\rsit 2010-08-23 11:08:18 ----D---- C:\Users\dieryck\AppData\Roaming\Malwarebytes 2010-08-23 11:08:12 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-08-23 11:08:11 ----D---- C:\ProgramData\Malwarebytes 2010-08-23 11:08:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-08-23 11:08:11 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-08-22 23:46:35 ----D---- C:\Windows\Minidump 2010-08-22 23:46:29 ----A---- C:\Windows\ntbtlog.txt 2010-08-11 17:27:26 ----A---- C:\Windows\system32\mshtml.dll 2010-08-11 17:27:26 ----A---- C:\Windows\system32\iertutil.dll 2010-08-11 17:27:25 ----A---- C:\Windows\system32\urlmon.dll 2010-08-11 17:27:25 ----A---- C:\Windows\system32\ieframe.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\wininet.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\occache.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\mstime.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedssync.exe 2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeeds.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\jsproxy.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\ieUnatt.exe 2010-08-11 17:27:24 ----A---- C:\Windows\system32\ieui.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesysprep.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesetup.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iernonce.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iepeers.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iedkcs32.dll 2010-08-11 17:27:24 ----A---- 
C:\Windows\system32\ie4uinit.exe 2010-08-11 17:27:15 ----A---- C:\Windows\system32\iccvid.dll 2010-08-11 17:27:14 ----A---- C:\Windows\system32\schannel.dll 2010-08-11 17:27:08 ----A---- C:\Windows\system32\win32k.sys 2010-08-11 17:27:04 ----A---- C:\Windows\system32\rtutils.dll 2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv2.sys 2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv.sys 2010-08-11 17:26:43 ----A---- C:\Windows\system32\msxml3.dll 2010-08-11 17:26:41 ----A---- C:\Windows\system32\drivers\tcpip.sys 2010-08-05 21:27:26 ----D---- C:\Users\dieryck\AppData\Roaming\Skype 2010-08-05 21:26:22 ----D---- C:\Program Files\Common Files\Skype 2010-08-05 21:26:21 ----RD---- C:\Program Files\Skype 2010-08-05 21:26:12 ----D---- C:\ProgramData\Skype 2010-08-03 11:00:12 ----A---- C:\Windows\system32\shell32.dll ======List of files/folders modified in the last 1 months====== 2010-08-25 15:24:17 ----D---- C:\Windows\Prefetch 2010-08-25 15:21:48 ----D---- C:\Windows\system32\drivers 2010-08-25 15:21:48 ----D---- C:\Windows 2010-08-25 15:15:52 ----D---- C:\Windows\Tasks 2010-08-25 15:13:43 ----A---- C:\Windows\system.ini 2010-08-25 15:13:29 ----D---- C:\Windows\system32\drivers\etc 2010-08-25 15:03:07 ----D---- C:\Windows\System32 2010-08-25 15:01:13 ----D---- C:\Windows\AppPatch 2010-08-25 15:01:13 ----D---- C:\Program Files\Common Files 2010-08-25 14:59:14 ----D---- C:\ProgramData\Google Updater 2010-08-24 23:32:36 ----RD---- C:\Program Files 2010-08-24 22:09:59 ----D---- C:\ProgramData 2010-08-24 22:04:48 ----D---- C:\Users\dieryck\AppData\Roaming\uTorrent 2010-08-24 20:58:12 ----SHD---- C:\Windows\Installer 2010-08-24 20:57:38 ----SHD---- C:\System Volume Information 2010-08-24 18:37:56 ----D---- C:\Windows\inf 2010-08-24 18:37:56 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-08-24 13:50:06 ----D---- 
C:\Windows\system32\wbem 2010-08-24 13:41:06 ----D---- C:\Windows\system32\catroot2 2010-08-23 12:33:00 ----D---- C:\Windows\Globalization 2010-08-23 11:38:19 ----D---- C:\Windows\Provisioning 2010-08-23 00:18:59 ----D---- C:\Windows\system32\Tasks 2010-08-23 00:03:43 ----D---- C:\Windows\system32\spool 2010-08-23 00:03:43 ----D---- C:\Windows\registration 2010-08-22 23:51:56 ----D---- C:\Windows\system32\Msdtc 2010-08-16 01:50:58 ----SD---- C:\Windows\Downloaded Program Files 2010-08-12 12:17:53 ----D---- C:\Windows\winsxs 2010-08-12 12:16:10 ----D---- C:\Windows\Microsoft.NET 2010-08-12 12:15:44 ----RSD---- C:\Windows\assembly 2010-08-12 12:04:51 ----D---- C:\Windows\system32\migration 2010-08-12 12:04:51 ----D---- C:\Program Files\Internet Explorer 2010-08-12 12:04:48 ----D---- C:\Program Files\Movie Maker 2010-08-12 11:44:26 ----D---- C:\Windows\system32\catroot 2010-08-12 11:44:19 ----D---- C:\Program Files\Windows Mail 2010-08-04 17:12:50 ----D---- C:\Program Files\Common Files\Adobe 2010-08-04 17:12:07 ----D---- C:\Program Files\Common Files\PX Storage Engine 2010-08-04 17:11:57 ----D---- C:\Program Files\Adobe 2010-08-03 20:12:23 ----HD---- C:\Program Files\InstallShield Installation Information 2010-08-03 20:12:23 ----D---- C:\Program Files\Electronic Arts 2010-08-03 20:10:17 ----D---- C:\Program Files\Pcsx2 2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe 2010-08-03 20:05:10 ----D---- C:\ProgramData\Media Center Programs 2010-08-03 08:45:01 ----D---- C:\Program Files\Mozilla Firefox 2010-08-02 07:15:14 ----A---- C:\Windows\win.ini 2010-08-01 22:50:42 ----HD---- C:\Windows\mw2mmgr32 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-17 44944] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-01 96104] R1 ssmdrv;ssmdrv; 
C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-06-21 281760] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-06-21 25888] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-02 4179968] R3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-19 7680] R3 ovt530;Webcam Deluxe; C:\Windows\System32\Drivers\ov530vid.sys [2005-03-15 161792] R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-29 104448] R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2008-05-08 269824] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 mbr;mbr; \??\C:\Users\dieryck\AppData\Local\Temp\mbr.sys [] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; 
C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-17 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-01 720896]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-30 75064]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 183280]
S3 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [2009-03-16 6562432]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

See you -
My computer was infected by vsbntlo
sacha99 replied to a topic by sacha99 in Analyses et éradication malwares
Bumping this, because I'm not sure you saw my edit -
My computer was infected by vsbntlo
sacha99 replied to a topic by sacha99 in Analyses et éradication malwares
I hesitated to modify it myself given the error message, but I'd rather leave it to the pros ^^ No problem about your mistake, thanks for putting in the effort like this. Here is the first report anyway; I'll post the next one as soon as I've redone the script:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Wed Aug 25 13:09:09 2010

13:09:03: Error: Invalid registry syntax in command: "[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry key deletion mode)

13:09:09: Error: Execution aborted by user!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Wed Aug 25 13:12:05 2010

13:11:55: Error: Invalid registry syntax in command: "[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry key deletion mode)

13:12:00: Error: Invalid registry syntax in command: "[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry key deletion mode)

13:12:02: Error: Invalid registry syntax in command: "[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry key deletion mode)

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, © by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "HHAKKP" deleted successfully.
File "c:\windows\system32\drivers\hhakkp.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

EDIT: here is the second report. However, I also have a problem when I turn the computer on: it shuts down when it reaches the session selection page; when I turn it on a second time, no problem though! Also, AntiVir detects hhakkp as a virus every time I boot; I kept the default option "deny access". Should I delete it?

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\HHAKKP" not found!
Deletion of driver "HHAKKP" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\drivers\hhakkp.sys" not found!
Deletion of file "c:\windows\system32\drivers\hhakkp.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Completed script processing.

*******************

Finished! Terminate. -
My computer was infected by vsbntlo
sacha99 replied to a topic by sacha99 in Analyses et éradication malwares
Hello, The program gives me error: invalid registry syntax in command......... only registry keys under the HKEY_... are accessible to this program -
My computer was infected by vsbntlo
sacha99 replied to a topic by sacha99 in Analyses et éradication malwares
You're stressing me out here. Here's the report:

=========================
SEAF 1.0.0.7 - C_XX

Started at: 23:32:54 on 24/08/2010

Value(s) searched:

hhakkp

(!) --- Registry search

====== File(s) (TC: creation date, TM: modification date, DA: last access) ======

"c:\Windows\System32\drivers\hhakkp.sys" [ ----A---- | 785408 ]
TC: 22/08/2010,23:25:30 | TM: 24/08/2010,23:35:48 | DA: 22/08/2010,23:25:30

=========================

"c:\Qoobox\Quarantine\Registry_backups\Legacy_HHAKKP.reg.dat" [ ----A---- | 1076 ]
TC: 24/08/2010,00:10:10 | TM: 24/08/2010,13:51:44 | DA: 24/08/2010,00:10:10

=========================

"c:\Qoobox\Quarantine\Registry_backups\Service_hhakkp.reg.dat" [ ----A---- | 74 ]
TC: 24/08/2010,00:10:10 | TM: 24/08/2010,13:51:44 | DA: 24/08/2010,00:10:10

=========================

"c:\Qoobox\Quarantine\C\Windows\System32\drivers\_hhakkp_.sys.zip" [ ----A---- | 1563184 ]
TC: 24/08/2010,00:15:58 | TM: 24/08/2010,00:15:58 | DA: 24/08/2010,00:15:58

=========================

====== Folder(s) (TC: creation date, TM: modification date, DA: last access) ======

No folder found

====== Registry entries ======

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000]
"DeviceDesc"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000]
"Service"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000\Control]
"ActiveService"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP\0000]
"DeviceDesc"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP\0000]
"Service"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP\0000]
"DeviceDesc"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP\0000]
"Service"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP\0000\Control]
"ActiveService"="hhakkp"

=========================

Ended at: 23:36:50 on 24/08/2010 ( E.O.F )

See you -
My computer was infected by vsbntlo
sacha99 replied to a topic by sacha99 in Analyses et éradication malwares
Hi, Here is the report:

Logfile of The Avenger Version 2.0, © by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\hhakkp.sys" not found!
Deletion of driver "c:\windows\system32\drivers\hhakkp.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf" not found!
Deletion of driver "c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\kgpcpy.cfg" not found!
Deletion of driver "c:\windows\system32\drivers\kgpcpy.cfg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\kgpfr2.cfg" not found!
Deletion of driver "c:\windows\system32\drivers\kgpfr2.cfg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Folder "c:\programdata\STOPzilla!" deleted successfully.
Folder "c:\users\dieryck\AppData\Local\epgkyeupn" deleted successfully.

Error: could not open file "c:\windows\system32\drivers\hhakkp.sys"
Deletion of file "c:\windows\system32\drivers\hhakkp.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

File "c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf" deleted successfully.
File "c:\windows\system32\drivers\kgpcpy.cfg" deleted successfully.
File "c:\windows\system32\drivers\kgpfr2.cfg" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

See you -
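The Avenger logs in the posts above show two distinct ways a removal script goes wrong: the pre-processor rejects registry lines written in .reg-file syntax (`[-HKEY_LOCAL_MACHINE\...]`), and a driver entry given as a file path is looked up as `Services\<that path>` and fails with STATUS_OBJECT_NAME_NOT_FOUND, while the locked `hhakkp.sys` itself fails with STATUS_UNSUCCESSFUL. The following is an added example, not code from the thread and not part of Avenger: a small Python triage script that parses such a log into per-item outcomes and lints a script for those two mistakes. The sample log and script are constructed from the posted lines; the section headers in the sample script ("Drivers to delete:", "Files to delete:", "Registry keys to delete:") are my assumption about Avenger's script format and should be checked against the tool's documentation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample run log, modelled on the Avenger logs posted above (not a real capture).
SAMPLE_LOG = r"""
Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows Vista
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\hhakkp.sys" not found!
Deletion of driver "c:\windows\system32\drivers\hhakkp.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Folder "c:\programdata\STOPzilla!" deleted successfully.
Error: could not open file "c:\windows\system32\drivers\hhakkp.sys"
Deletion of file "c:\windows\system32\drivers\hhakkp.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)
File "c:\windows\system32\drivers\kgpcpy.cfg" deleted successfully.
Driver "HHAKKP" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP" deleted successfully.
Completed script processing.
"""

# Constructed script reproducing the two mistakes the thread's logs reveal. The section
# headers are an assumption about Avenger's script format; check them against the tool.
SAMPLE_SCRIPT = r"""
Drivers to delete:
c:\windows\system32\drivers\hhakkp.sys
HHAKKP

Files to delete:
c:\windows\system32\drivers\hhakkp.sys

Registry keys to delete:
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP
"""


@dataclass
class Action:
    kind: str                      # driver | file | folder | registry key
    target: str
    ok: bool
    status: Optional[str] = None   # NTSTATUS code on failure, e.g. 0xc0000034
    reason: Optional[str] = None   # symbolic name, e.g. STATUS_UNSUCCESSFUL


OK_RE = re.compile(r'^(Driver|File|Folder|Registry key) "(.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (driver|file|folder|registry key) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]{8}) \((\w+)\)')


def parse_avenger_log(text: str) -> List[Action]:
    """One Action per deletion attempt; a Status: line is attached to the failure just before it."""
    actions, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := OK_RE.match(line):
            actions.append(Action(m.group(1).lower(), m.group(2), True))
        elif m := FAIL_RE.match(line):
            pending = Action(m.group(1), m.group(2), False)
            actions.append(pending)
        elif (m := STATUS_RE.match(line)) and pending is not None:
            pending.status, pending.reason = m.group(1).lower(), m.group(2)
            pending = None
    return actions


def looks_like_path(name: str) -> bool:
    return "\\" in name or name.lower().endswith(".sys")


def triage(actions: List[Action]) -> List[str]:
    """Turn raw outcomes into the points a helper would act on."""
    notes = []
    for a in actions:
        if a.kind == "driver" and looks_like_path(a.target):
            # The log shows Avenger looking up Services\<literal path>: the entry must be the service name.
            notes.append(f"driver entry is a file path, use the service name instead: {a.target}")
        elif not a.ok and a.status == "0xc0000001":
            notes.append(f"{a.kind} {a.target}: could not be opened, probably still loaded or locked")
        elif not a.ok:
            notes.append(f"{a.kind} {a.target}: {a.reason} (already gone, or the name is wrong)")
    return notes


def lint_script(script: str) -> List[str]:
    """Flag script lines the posted logs show Avenger rejecting or mis-resolving."""
    issues, section = [], None
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            section = line[:-1].lower()
        elif line.startswith("[") and "HKEY" in line.upper():
            issues.append(f"line {n}: .reg-style [-HKEY...] syntax is rejected, write the bare key path")
        elif section == "drivers to delete" and looks_like_path(line):
            issues.append(f"line {n}: driver entries are service names, not file paths: {line}")
    return issues


if __name__ == "__main__":
    for note in triage(parse_avenger_log(SAMPLE_LOG)):
        print("log:", note)
    for issue in lint_script(SAMPLE_SCRIPT):
        print("script:", issue)
```

Run against a real log, the STATUS_UNSUCCESSFUL branch is the one to watch: a file that cannot even be opened is usually still loaded, so deleting the registry service entry first (or retrying from an environment where the driver is not started) is what makes the file deletion succeed on the next run, which is the order of events visible in the two later Avenger runs in this thread.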
My computer was infected by vsbntlo
sacha99 replied to a topic by sacha99 in Analyses et éradication malwares
Well, here are the 3 reports you asked for, but the computer has become much slower and can't shut down anymore; I have to force it off!

The rkill report:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as dieryck on 24/08/2010 at 17:47:16.

Processes terminated by Rkill or while it was running:

C:\Users\dieryck\Downloads\rkill.scr

Rkill completed on 24/08/2010 at 17:47:19.

The tdsskiller report, which on the other hand found no malicious objects, "just" suspicious files, for which I kept the default action, i.e. skip.

2010/08/24 17:50:58.0507 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/24 17:50:58.0508 ================================================================================
2010/08/24 17:50:58.0508 SystemInfo:
2010/08/24 17:50:58.0508
2010/08/24 17:50:58.0508 OS Version: 6.0.6002 ServicePack: 2.0
2010/08/24 17:50:58.0508 Product type: Workstation
2010/08/24 17:50:58.0508 ComputerName: PC-DE-DIERYCK
2010/08/24 17:50:58.0508 UserName: dieryck
2010/08/24 17:50:58.0508 Windows directory: C:\Windows
2010/08/24 17:50:58.0508 System windows directory: C:\Windows
2010/08/24 17:50:58.0508 Processor architecture: Intel x86
2010/08/24 17:50:58.0508 Number of processors: 2
2010/08/24 17:50:58.0508 Page size: 0x1000
2010/08/24 17:50:58.0508 Boot type: Normal boot
2010/08/24 17:50:58.0508 ================================================================================
2010/08/24 17:51:06.0209 Initialize success
2010/08/24 17:51:13.0369 ================================================================================
2010/08/24 17:51:13.0369 Scan started
2010/08/24 17:51:13.0369 Mode: Manual;
2010/08/24 17:51:13.0369 ================================================================================
2010/08/24 17:51:14.0292 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/08/24 17:51:14.0351 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/08/24 17:51:14.0419 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/08/24 17:51:14.0470 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/08/24 17:51:14.0510 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/08/24 17:51:14.0627 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/08/24 17:51:14.0689 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/08/24 17:51:14.0742 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/08/24 17:51:14.0789 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/08/24 17:51:14.0830 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/08/24 17:51:14.0873 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/08/24 17:51:14.0912 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/08/24 17:51:14.0951 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/08/24 17:51:15.0058 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/08/24 17:51:15.0104 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/08/24 17:51:15.0145 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/24 17:51:15.0185 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/08/24 17:51:15.0315 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/08/24 17:51:15.0477 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2010/08/24 17:51:15.0548 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/08/24 17:51:15.0595 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/08/24 17:51:15.0647 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\Windows\system32\DRIVERS\avipbb.sys
2010/08/24 17:51:15.0695 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/08/24 17:51:15.0738 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/08/24 17:51:15.0773 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/24 17:51:15.0810 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/08/24 17:51:15.0853 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/08/24 17:51:15.0895 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/08/24 17:51:15.0924 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/08/24 17:51:15.0959 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/08/24 17:51:15.0979 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/08/24 17:51:16.0003 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/08/24 17:51:16.0048 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/24 17:51:16.0084 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/24 17:51:16.0120 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/08/24 17:51:16.0168 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/08/24 17:51:16.0217 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/08/24 17:51:16.0251 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2010/08/24 17:51:16.0286 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/08/24 17:51:16.0315 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/08/24 17:51:16.0386 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/08/24 17:51:16.0429 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/08/24 17:51:16.0493 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/08/24 17:51:16.0562 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/24 17:51:16.0619 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/08/24 17:51:16.0746 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/08/24 17:51:16.0904 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/08/24 17:51:16.0946 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/08/24 17:51:17.0011 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/08/24 17:51:17.0075 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/08/24 17:51:17.0102 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/24 17:51:17.0157 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/08/24 17:51:17.0196 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/08/24 17:51:17.0230 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/24 17:51:17.0261 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/08/24 17:51:17.0310 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/24 17:51:17.0348 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/08/24 17:51:17.0400 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/08/24 17:51:17.0488 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2010/08/24 17:51:17.0545 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/24 17:51:17.0583 Suspicious service (NoAccess): hhakkp
2010/08/24 17:51:17.0653 hhakkp (9dd55346430319b1377478a132658426) C:\Windows\system32\drivers\hhakkp.sys
2010/08/24 17:51:17.0653 Suspicious file (NoAccess): C:\Windows\system32\drivers\hhakkp.sys. md5: 9dd55346430319b1377478a132658426
2010/08/24 17:51:17.0662 hhakkp - detected Locked service (1)
2010/08/24 17:51:17.0696 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/08/24 17:51:17.0731 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/08/24 17:51:17.0778 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/24 17:51:17.0839 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/08/24 17:51:17.0947 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/08/24 17:51:18.0015 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/08/24 17:51:18.0060 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/24 17:51:18.0106 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/08/24 17:51:18.0188 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/08/24 17:51:18.0252 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/08/24 17:51:18.0276 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/24 17:51:18.0311 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/24 17:51:18.0375 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/08/24 17:51:18.0418 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/08/24 17:51:18.0451 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/08/24 17:51:18.0498 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\drivers\is3srv.sys
2010/08/24 17:51:18.0528 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/08/24 17:51:18.0576 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/24 17:51:18.0609 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/08/24 17:51:18.0647 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/08/24 17:51:18.0672 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/24 17:51:18.0711 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/24 17:51:18.0784 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/24 17:51:18.0867 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2010/08/24 17:51:18.0895 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/24 17:51:18.0947 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/08/24 17:51:18.0985 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/08/24 17:51:19.0019 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/08/24 17:51:19.0052 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/08/24 17:51:19.0094 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/08/24 17:51:19.0142 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/08/24 17:51:19.0183 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/08/24 17:51:19.0201 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/24 17:51:19.0236 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/24 17:51:19.0255 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/24 17:51:19.0280 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/08/24 17:51:19.0318 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/08/24 17:51:19.0353 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/24 17:51:19.0400 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/08/24 17:51:19.0436 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/08/24 17:51:19.0503 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/24 17:51:19.0544 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/24 17:51:19.0622 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/24 17:51:19.0663 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/08/24 17:51:19.0702 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/08/24 17:51:19.0765 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/08/24 17:51:19.0787 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/08/24 17:51:19.0826 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/24 17:51:19.0890 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/24 17:51:19.0926 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/08/24 17:51:19.0967 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/08/24 17:51:19.0998 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/24 17:51:20.0031 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/08/24 17:51:20.0092 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
2010/08/24 17:51:20.0130 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/08/24 17:51:20.0190 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/24 17:51:20.0287 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/08/24 17:51:20.0347 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/24 17:51:20.0392 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/24 17:51:20.0450 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/24 17:51:20.0488 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/08/24 17:51:20.0523 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/24 17:51:20.0568 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/24 17:51:20.0651 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/08/24 17:51:20.0732 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/08/24 17:51:20.0778 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/24 17:51:20.0844 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/08/24 17:51:20.0935 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/08/24 17:51:20.0972 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/08/24 17:51:20.0999 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/08/24 17:51:21.0038 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/08/24 17:51:21.0081 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/08/24 17:51:21.0195 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/08/24 17:51:21.0263 ovt530 (71cffb1e06aa8978a7b4a346c191f8ba) C:\Windows\system32\Drivers\ov530vid.sys
2010/08/24 17:51:21.0313 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2010/08/24 17:51:21.0346 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/08/24 17:51:21.0398 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2010/08/24 17:51:21.0449 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/08/24 17:51:21.0496 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/08/24 17:51:21.0539 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/08/24 17:51:21.0597 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/08/24 17:51:21.0764 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/24 17:51:21.0837 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/08/24 17:51:21.0962 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/24 17:51:22.0064 PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\Windows\system32\DRIVERS\psi_mf.sys
2010/08/24 17:51:22.0129 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2010/08/24 17:51:22.0229 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/08/24 17:51:22.0318 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/08/24 17:51:22.0359 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/24 17:51:22.0397 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/24 17:51:22.0453 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/24 17:51:22.0513 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/24 17:51:22.0565 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/24 17:51:22.0613 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/24 17:51:22.0651 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/24 17:51:22.0705 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/08/24 17:51:22.0744 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/24 17:51:22.0796 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/08/24 17:51:22.0853 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/24 17:51:22.0895 RTL8169 (8cca591019216e9523e3cb385ce643e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/08/24 17:51:22.0926 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/08/24 17:51:22.0990 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/24 17:51:23.0033 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2010/08/24 17:51:23.0064 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2010/08/24 17:51:23.0099 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/08/24 17:51:23.0153 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/08/24 17:51:23.0184 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/08/24 17:51:23.0210 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/08/24 17:51:23.0244 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/08/24 17:51:23.0286 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/08/24 17:51:23.0329 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/08/24 17:51:23.0370 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/08/24 17:51:23.0429 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/08/24 17:51:23.0492 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/08/24 17:51:23.0574 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/08/24 17:51:23.0574 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/08/24 17:51:23.0583 sptd - detected Locked file (1)
2010/08/24 17:51:23.0631 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/08/24 17:51:23.0699 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/24 17:51:23.0755 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/24 17:51:23.0820 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/08/24 17:51:23.0856 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/24 17:51:23.0903 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/08/24 17:51:23.0943 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/08/24 17:51:23.0981 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/08/24 17:51:24.0125 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/08/24 17:51:24.0200 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/24 17:51:24.0240 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/24 17:51:24.0276 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/08/24 17:51:24.0310 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/08/24 17:51:24.0357 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/24 17:51:24.0398 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/24 17:51:24.0462 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/24 17:51:24.0498 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/08/24 17:51:24.0570 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/24 17:51:24.0614 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/08/24 17:51:24.0660 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/24 17:51:24.0715 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/08/24 17:51:24.0763 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/08/24 17:51:24.0811 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/08/24 17:51:24.0873 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/08/24 17:51:24.0912 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/24 17:51:24.0989 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2010/08/24 17:51:25.0031 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/08/24 17:51:25.0070 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/24 17:51:25.0114 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/08/24 17:51:25.0173 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/24 17:51:25.0207 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/24 17:51:25.0269 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/08/24 17:51:25.0324 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/24 17:51:25.0354 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/24 17:51:25.0381 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/24 17:51:25.0421 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/24 17:51:25.0453 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/08/24 17:51:25.0487 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/08/24 17:51:25.0524 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/08/24 17:51:25.0589 VIAHdAudAddService (8e0e128c2b53c1316e3ea5708d0d3c8c) C:\Windows\system32\drivers\viahduaa.sys
2010/08/24 17:51:25.0630 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/08/24 17:51:25.0666 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/08/24 17:51:25.0722 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/08/24 17:51:25.0772 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/08/24 17:51:25.0822 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/08/24 17:51:25.0892 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/08/24 17:51:25.0933 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/24 17:51:25.0948 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/24 17:51:25.0987 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/08/24 17:51:26.0026 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/24 17:51:26.0137 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/08/24 17:51:26.0224 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/08/24 17:51:26.0262 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/24 17:51:26.0313 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/24 17:51:26.0362 ================================================================================
2010/08/24 17:51:26.0363 Scan
finished 2010/08/24 17:51:26.0363 ================================================================================ 2010/08/24 17:51:26.0376 Detected object count: 2 2010/08/24 17:52:12.0963 Locked service(hhakkp) - User select action: Skip 2010/08/24 17:52:12.0963 Locked file(sptd) - User select action: Skip 2010/08/24 17:54:52.0179 Deinitialize success Et enfin le dernier rapport Combofix : ComboFix 10-08-23.06 - dieryck 24/08/2010 18:08:08.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.2046.1217 [GMT 2:00] Lancé depuis: c:\users\dieryck\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-07-24 au 2010-08-24 )))))))))))))))))))))))))))))))))))) . 2010-08-24 16:18 . 2010-08-24 16:19 -------- d-----w- c:\users\dieryck\AppData\Local\temp 2010-08-24 16:18 . 2010-08-24 16:18 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-08-24 16:18 . 2010-08-24 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-23 14:43 . 2010-08-24 11:01 -------- d-----w- c:\program files\trend micro 2010-08-23 14:43 . 2010-08-23 14:43 -------- d-----w- C:\rsit 2010-08-23 09:58 . 2010-08-24 16:02 -------- d-----w- c:\programdata\STOPzilla! 2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\users\dieryck\AppData\Roaming\Malwarebytes 2010-08-23 09:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\programdata\Malwarebytes 2010-08-23 09:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-22 21:25 . 2010-08-23 09:34 -------- d-----w- c:\users\dieryck\AppData\Local\epgkyeupn 2010-08-20 19:32 . 2010-06-04 21:39 -------- d-----w- c:\users\dieryck\Tome 33 2010-08-11 15:26 . 
2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-11 15:26 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-11 15:26 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-11 15:26 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-11 15:26 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-11 15:26 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-05 19:27 . 2010-08-24 16:00 -------- d-----w- c:\users\dieryck\AppData\Roaming\Skype 2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\program files\Common Files\Skype 2010-08-05 19:26 . 2010-08-05 19:27 -------- d-----r- c:\program files\Skype 2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\programdata\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-24 16:02 . 2008-01-21 08:40 678804 ----a-w- c:\windows\system32\perfh00C.dat 2010-08-24 16:02 . 2008-01-21 08:40 126420 ----a-w- c:\windows\system32\perfc00C.dat 2010-08-24 16:01 . 2010-08-24 15:58 1040 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2010-08-24 16:00 . 2010-08-24 15:58 344 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg 2010-08-24 11:58 . 2009-03-31 19:49 -------- d-----w- c:\programdata\Google Updater 2010-08-23 20:23 . 2010-08-23 20:23 785408 ----a-w- c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf 2010-08-16 17:26 . 2009-08-25 09:59 -------- d-----w- c:\users\dieryck\AppData\Roaming\uTorrent 2010-08-12 09:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-04 15:12 . 2009-03-28 16:42 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-04 15:12 . 2010-03-28 12:18 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-08-03 18:12 . 2009-01-05 15:20 -------- d-----w- c:\program files\Electronic Arts 2010-08-03 18:12 . 
2008-12-30 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-03 18:10 . 2010-05-14 15:28 -------- d-----w- c:\program files\Pcsx2 2010-08-03 18:05 . 2009-01-03 16:51 -------- d-----w- c:\programdata\Media Center Programs 2010-06-28 20:00 . 2010-06-28 20:00 -------- d-----w- c:\programdata\2DBoy 2010-06-28 19:57 . 2010-06-28 19:57 -------- d-----w- c:\program files\WorldOfGoo 2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\users\dieryck\AppData\Roaming\Ubisoft 2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\programdata\Ubisoft 2010-06-28 19:31 . 2009-01-01 12:42 -------- d-----w- c:\program files\Ubisoft 2010-06-26 18:40 . 2010-06-26 18:40 -------- d-----w- c:\program files\Microsoft.NET 2010-06-26 06:05 . 2010-08-11 15:27 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-11 15:27 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-11 15:27 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-11 15:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-11 15:27 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-18 17:31 . 2010-08-11 15:27 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-06-15 19:12 . 2009-09-22 15:56 1 ----a-w- c:\users\dieryck\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-06-13 15:52 . 2008-12-30 17:12 70728 ----a-w- c:\users\dieryck\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-13 12:16 . 2009-03-01 17:11 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-06-11 16:16 . 2010-08-11 15:27 274944 ----a-w- c:\windows\system32\schannel.dll 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-05-27 20:08 . 2010-08-11 15:27 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-05-26 17:06 . 2010-06-09 11:11 34304 ----a-w- c:\windows\system32\atmlib.dll . 
((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "Sys32V2Contoller"="c:\windows\mw2mmgr32\mw2mmgr32.exe" [2010-05-21 221696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk] path=c:\programdata\Microsoft\Windows\Start 
Menu\Programs\Startup\Monitor Apache Servers.lnk backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] path=c:\users\dieryck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe] 2008-07-11 16:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):d3,2b,ea,32,0e,ec,c9,01 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 133104] R3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe 
[2009-08-06 24645] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] --- Autres Services/Pilotes en mémoire --- *Deregistered* - hhakkp [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' 2010-08-24 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 19:49] 2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50] 2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50] 2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job - c:\windows\system32\msfeedssync.exe [2010-08-11 04:24] . . ------- Examen supplémentaire ------- . 
uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:6522 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab FF - ProfilePath - c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\ FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-24 18:19 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hhakkp] . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:59,ec,77,a3,8e,6b,ae,21,bd,c8,4c,e1,0c,0c,75,e3,a1,e0,dd,60,14,d2,bd, 6f,49,d6,53,88,73,c1,b2,0a,14,9d,fc,7c,70,2e,cc,47,d9,e8,cc,54,ac,2f,6e,55,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\License information*] "datasecu"=hex:f1,82,c5,2f,1a,7b,3f,08,b3,8d,65,1e,fd,3c,2e,01,84,bb,27,20,a2, eb,d1,45,37,a2,40,bc,8b,72,89,48,4e,b1,a5,ba,2c,18,4b,38,b7,03,2d,96,2d,4c,\ "rkeysecu"=hex:60,72,c7,18,69,1d,ba,a6,c9,1a,ad,56,62,96,a5,65 . Heure de fin: 2010-08-24 18:22:16 ComboFix-quarantined-files.txt 2010-08-24 16:22 ComboFix2.txt 2010-08-24 12:07 Avant-CF: 38.634.483.712 octets libres Après-CF: 38.601.392.128 octets libres - - End Of File - - E4B1AF2FF45ADA1A45C2A68D9F043EC6 a+ -
My computer was infected by vsbntlo
sacha99 replied to a topic by sacha99 in Malware analysis and removal
Hi, everything seems to be working correctly.

ComboFix 10-08-23.02 - dieryck 24/08/2010 13:44:17.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.2046.1563 [GMT 2:00]
Lancé depuis: c:\users\dieryck\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\dieryck\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\windows\system32\DRIVERS\szkg.sys
c:\windows\system32\drivers\szkgfs.sys
c:\windows\system32\drivers\hhakkp.sys . . . . impossible à supprimer
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HHAKKP
-------\Legacy_SZKGFS
-------\Service_hhakkp
-------\Service_szkgfs
-------\Legacy_szkg5
-------\Service_szkg5
-------\Legacy_HHAKKP
-------\Service_hhakkp
-------\Service_uclp

((((((((((((((((((((((((((((( Fichiers créés du 2010-07-24 au 2010-08-24 ))))))))))))))))))))))))))))))))))))
.
2010-08-24 11:52 . 2010-08-24 11:58 -------- d-----w- c:\users\dieryck\AppData\Local\temp
2010-08-23 14:43 . 2010-08-24 11:01 -------- d-----w- c:\program files\trend micro
2010-08-23 14:43 . 2010-08-23 14:43 -------- d-----w- C:\rsit
2010-08-23 09:58 . 2010-08-23 09:58 -------- d-----w- c:\program files\STOPzilla!
2010-08-23 09:58 . 2010-08-23 09:58 -------- d-----w- c:\program files\Common Files\iS3
2010-08-23 09:58 . 2010-08-24 11:56 -------- d-----w- c:\programdata\STOPzilla!
2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\users\dieryck\AppData\Roaming\Malwarebytes
2010-08-23 09:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\programdata\Malwarebytes
2010-08-23 09:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 21:25 . 2010-08-23 09:34 -------- d-----w- c:\users\dieryck\AppData\Local\epgkyeupn
2010-08-20 19:32 . 2010-06-04 21:39 -------- d-----w- c:\users\dieryck\Tome 33
2010-08-18 17:11 . 2010-08-18 17:11 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-08-18 17:11 . 2010-08-18 17:11 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-08-18 17:11 . 2010-08-18 17:11 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-08-18 17:11 . 2010-08-18 17:11 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-08-18 17:11 . 2010-08-18 17:11 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-08-18 17:11 . 2010-08-18 17:11 447952 ----a-r- c:\windows\system32\SZBase5.dll
2010-08-18 17:11 . 2010-08-18 17:11 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-08-18 17:11 . 2010-08-18 17:11 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-08-18 17:11 . 2010-08-18 17:11 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-08-18 17:11 . 2010-08-18 17:11 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-08-18 17:11 . 2010-08-18 17:11 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-08-18 17:11 . 2010-08-18 17:11 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-08-11 15:26 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 15:26 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:26 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 15:26 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:26 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 15:26 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-05 19:27 . 2010-08-23 09:41 -------- d-----w- c:\users\dieryck\AppData\Roaming\Skype
2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\program files\Common Files\Skype
2010-08-05 19:26 . 2010-08-05 19:27 -------- d-----r- c:\program files\Skype
2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\programdata\Skype
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 11:59 . 2010-08-24 11:55 1448 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-24 11:58 . 2010-08-24 11:56 400 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-08-24 11:58 . 2009-03-31 19:49 -------- d-----w- c:\programdata\Google Updater
2010-08-23 20:23 . 2010-08-23 20:23 785408 ----a-w- c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf
2010-08-23 14:41 . 2008-01-21 08:40 678056 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-23 14:41 . 2008-01-21 08:40 126042 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-16 17:26 . 2009-08-25 09:59 -------- d-----w- c:\users\dieryck\AppData\Roaming\uTorrent
2010-08-12 09:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-04 15:12 . 2009-03-28 16:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-04 15:12 . 2010-03-28 12:18 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-03 18:12 . 2009-01-05 15:20 -------- d-----w- c:\program files\Electronic Arts
2010-08-03 18:12 . 2008-12-30 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 18:10 . 2010-05-14 15:28 -------- d-----w- c:\program files\Pcsx2
2010-08-03 18:05 . 2009-01-03 16:51 -------- d-----w- c:\programdata\Media Center Programs
2010-06-28 20:00 . 2010-06-28 20:00 -------- d-----w- c:\programdata\2DBoy
2010-06-28 19:57 . 2010-06-28 19:57 -------- d-----w- c:\program files\WorldOfGoo
2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\users\dieryck\AppData\Roaming\Ubisoft
2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\programdata\Ubisoft
2010-06-28 19:31 . 2009-01-01 12:42 -------- d-----w- c:\program files\Ubisoft
2010-06-26 18:40 . 2010-06-26 18:40 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 06:05 . 2010-08-11 15:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 15:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 15:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 15:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 15:27 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 15:27 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-13 15:52 . 2008-12-30 17:12 70728 ----a-w- c:\users\dieryck\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-13 12:16 . 2009-03-01 17:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-06-11 16:16 . 2010-08-11 15:27 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-27 20:08 . 2010-08-11 15:27 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-09 11:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 11:11 289792 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Sys32V2Contoller"="c:\windows\mw2mmgr32\mw2mmgr32.exe" [2010-05-21 221696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\dieryck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2008-07-11 16:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d3,2b,ea,32,0e,ec,c9,01

R0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys [x]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]
R2 TBS;Services de base de module de plateforme sécurisée;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\brfiltup.sys [2006-11-02 5248]
R3 CertPropSvc;Propagation du certificat;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 DFSR;Réplication DFS;c:\windows\system32\DFSR.exe [2009-04-11 2092544]
R3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;c:\windows\system32\DRIVERS\E1G60I32.sys [2008-01-21 118784] R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2008-01-21 27648] R3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] R3 IPBusEnum;Énumérateur de bus IP PnP-X;c:\windows\system32\svchost.exe [2008-01-21 21504] R3 KeyIso;Isolation de clé CNG;c:\windows\system32\lsass.exe [2009-06-15 9728] R3 lltdsvc;Mappage de découverte de topologie de la couche de liaison;c:\windows\System32\svchost.exe [2008-01-21 21504] R3 MSiSCSI;Service Initiateur iSCSI de Microsoft;c:\windows\system32\svchost.exe [2008-01-21 21504] R3 MsRPC;MsRPC; [x] R3 NativeWifiP;Filtre NativeWiFi;c:\windows\system32\DRIVERS\nwifi.sys [2009-04-11 148480] R3 pla;Journaux & alertes de performance;c:\windows\System32\svchost.exe [2008-01-21 21504] R3 PNRPAutoReg;Service de publication des noms d’ordinateurs PNRP;c:\windows\System32\svchost.exe [2008-01-21 21504] R3 SCPolicySvc;Stratégie de retrait de la carte à puce;c:\windows\system32\svchost.exe [2008-01-21 21504] R3 SDRSVC;Sauvegarde Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] R3 SessionEnv;Configuration des services Terminal Server;c:\windows\System32\svchost.exe [2008-01-21 21504] R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2008-01-21 12288] R3 SLUINotify;Service de notification de l’interface utilisateur SL;c:\windows\system32\svchost.exe [2008-01-21 21504] R3 THREADORDER;Serveur de priorités des threads;c:\windows\system32\svchost.exe [2008-01-21 21504] R3 tssecsrv;Terminal Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2008-01-21 23552] R3 UI0Detect;Détection de services interactifs;c:\windows\system32\UI0Detect.exe [2008-01-21 35840] R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2008-01-21 60984] R3 wcncsvc;Windows Connect Now - Registre de 
configuration;c:\windows\System32\svchost.exe [2008-01-21 21504] R3 WcsPlugInService;Système de couleurs Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] R3 WdiServiceHost;Service hôte WDIServiceHost;c:\windows\System32\svchost.exe [2008-01-21 21504] R3 Wecsvc;Collecteur d'événements de Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] R3 wercplsupport;Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration;c:\windows\System32\svchost.exe [2008-01-21 21504] R3 WinRM;Gestion à distance de Windows (Gestion WSM);c:\windows\System32\svchost.exe [2008-01-21 21504] R3 Wlansvc;Service de configuration automatique WLAN;c:\windows\system32\svchost.exe [2008-01-21 21504] R3 WPCSvc;Contrôle parental;c:\windows\system32\svchost.exe [2008-01-21 21504] R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2008-01-21 422968] R4 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2008-01-21 300600] R4 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2008-01-21 79928] R4 blbdrive;blbdrive;c:\windows\system32\drivers\blbdrive.sys [2008-01-21 45568] R4 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\drivers\brserid.sys [2006-11-02 71808] R4 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\drivers\brserwdm.sys [2006-11-02 62336] R4 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\brusbmdm.sys [2006-11-02 12160] R4 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2008-01-21 35328] R4 Crusoe;Transmeta Crusoe Processor Driver;c:\windows\system32\drivers\crusoe.sys [2008-01-21 40960] R4 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2008-01-21 342584] R4 HpCISSs;HpCISSs;c:\windows\system32\drivers\hpcisss.sys [2008-01-21 40504] R4 iaStorV;Intel RAID Controller 
Vista;c:\windows\system32\drivers\iastorv.sys [2008-01-21 235064] R4 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\ipmidrv.sys [2008-01-21 64512] R4 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-11-02 35944] R4 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2008-01-21 96312] R4 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2008-01-21 89656] R4 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2008-01-21 96312] R4 Mcx2Svc;Service Windows Media Center Extender;c:\windows\system32\svchost.exe [2008-01-21 21504] R4 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2008-01-21 31288] R4 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2008-01-21 105016] R4 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2008-01-21 28728] R4 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2008-01-21 94776] R4 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2006-11-02 45160] R4 ntrigdigi;N-trig HID Tablet Driver;c:\windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608] R4 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2008-01-21 45112] R4 ql2300;QLogic Fibre Channel Miniport Driver;c:\windows\system32\drivers\ql2300.sys [2008-01-21 1122360] R4 ql40xx;QLogic iSCSI Miniport Driver;c:\windows\system32\drivers\ql40xx.sys [2006-11-02 106088] R4 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2008-01-21 74808] R4 uliahci;uliahci;c:\windows\system32\drivers\uliahci.sys [2008-01-21 238648] R4 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2008-01-21 115816] R4 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2006-11-02 68608] R4 ViaC7;VIA C7 Processor Driver;c:\windows\system32\drivers\viac7.sys [2008-01-21 41472] R4 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys [2008-01-21 130616] R4 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-11-02 20608] 
R4 Wd;Microsoft Watchdog Timer Driver;c:\windows\system32\drivers\wd.sys [2008-01-21 22072] S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-04-11 245736] S0 Ecache;ReadyBoost Caching Driver;c:\windows\System32\drivers\ecache.sys [2009-04-11 141288] S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2008-01-21 58936] S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328] S0 msisadrv;Pilote de classe ISA/EISA;c:\windows\system32\drivers\msisadrv.sys [2008-01-21 16440] S0 spldr;Security Processor Loader Driver; [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-17 691696] S0 volmgr;Pilote du Gestionnaire de volume;c:\windows\system32\drivers\volmgr.sys [2008-01-21 52792] S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-04-11 292840] S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2009-04-11 75264] S1 nsiproxy;NSI proxy service;c:\windows\system32\drivers\nsiproxy.sys [2008-01-21 16384] S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2008-01-21 6144] S1 Smb;Protocoles TCP/IP et TCP/IPv6 orienté messages (session SMB);c:\windows\system32\DRIVERS\smb.sys [2009-04-11 66560] S1 tdx;Pilote de prise en charge TDI héritée NetIO;c:\windows\system32\DRIVERS\tdx.sys [2009-04-11 72192] S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2008-01-21 62464] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] S2 AudioEndpointBuilder;Générateur de points de terminaison du service Audio Windows;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 BFE;Moteur de filtrage de base;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 DPS;Service de stratégie de diagnostic;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 EMDMgmt;Service ReadyBoost;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 FDResPub;Publication 
des ressources de découverte de fonctions;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 gpsvc;Client de stratégie de groupe;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 IKEEXT;Modules de génération de clés IKE et AuthIP;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 iphlpsvc;Assistance IP;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 KtmRm;Service KtmRm pour Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2008-01-21 47104] S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2008-01-21 84480] S2 MMCSS;Planificateur de classes multimédias;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 MpsSvc;Pare-feu Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 netprofm;Service Liste des réseaux;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 NlaSvc;Connaissance des emplacements réseau;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 nsi;Service Interface du magasin réseau;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 PcaSvc;Service de l’Assistant Compatibilité des programmes;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2006-11-02 878080] S2 ProfSvc;Service de profil utilisateur;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 slsvc;Licence du logiciel;c:\windows\system32\SLsvc.exe [2009-04-11 3408896] S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 TabletInputService;Service Panneau de saisie Tablet PC;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2009-12-08 30720] S2 UxSms;Gestionnaire de sessions du Gestionnaire de fenêtrage;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 WerSvc;Service de rapport d'erreurs Windows;c:\windows\System32\svchost.exe [2008-01-21 21504] 
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 WPDBusEnum;Service Énumérateur d’appareil mobile;c:\windows\system32\svchost.exe [2008-01-21 21504] S3 Appinfo;Informations d'application;c:\windows\system32\svchost.exe [2008-01-21 21504] S3 bowser;bowser;c:\windows\system32\DRIVERS\bowser.sys [2008-01-21 69632] S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2009-09-25 634880] S3 fdPHost;Hôte du fournisseur de découverte de fonctions;c:\windows\system32\svchost.exe [2008-01-21 21504] S3 iScsiPrt;Pilote iScsiPort;c:\windows\system32\DRIVERS\msiscsi.sys [2009-04-11 180712] S3 monitor;Service Pilote de fonction de classe Moniteur Microsoft;c:\windows\system32\DRIVERS\monitor.sys [2008-01-21 41984] S3 mpsdrv;Pilote d’autorisation du Pare-feu Windows;c:\windows\system32\drivers\mpsdrv.sys [2008-01-21 64000] S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-02-23 212992] S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-02-23 79360] S3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2005-03-15 161792] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648] S3 srv2;srv2;c:\windows\system32\DRIVERS\srv2.sys [2010-06-18 144896] S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2009-12-11 98816] S3 TrustedInstaller;Programme d’installation de modules Windows;c:\windows\servicing\TrustedInstaller.exe [2009-04-11 39424] S3 tunnel;Pilote de carte miniport Microsoft IPv6 Tunnel;c:\windows\system32\DRIVERS\tunnel.sys [2010-02-18 25088] S3 umbus;Pilote d’énumérateur UMBus;c:\windows\system32\DRIVERS\umbus.sys [2008-01-21 34816] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-05-08 269824] S3 WdiSystemHost;Hôte système de diagnostics;c:\windows\System32\svchost.exe [2008-01-21 21504] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - HHAKKP 
*Deregistered* - hhakkp [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart WerSvcGroup REG_MULTI_SZ wersvc swprv REG_MULTI_SZ swprv regsvc REG_MULTI_SZ RemoteRegistry wcssvc REG_MULTI_SZ WcsPlugInService DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch wdisvc REG_MULTI_SZ WdiServiceHost sdrsvc REG_MULTI_SZ sdrsvc secsvcs REG_MULTI_SZ WinDefend GPSvcGroup REG_MULTI_SZ GPSvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc wercplsupport Themes CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS ProfSvc EapHost winmgmt schedule SessionEnv browser hkmsvc . Contenu du dossier 'Tâches planifiées' 2010-08-24 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 19:49] 2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50] 2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50] 2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job - c:\windows\system32\msfeedssync.exe [2010-08-11 04:24] . . ------- Examen supplémentaire ------- . 
uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:6522 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab FF - ProfilePath - c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\ FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHELINS SUPPRIMES - - - - SafeBoot-sacsvr MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-24 13:56 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x855DA1F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x889abd24 \Driver\ACPI -> acpi.sys @ 0x807bbd68 \Driver\atapi -> 0x855da1f8 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hhakkp] . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:59,ec,77,a3,8e,6b,ae,21,bd,c8,4c,e1,0c,0c,75,e3,a1,e0,dd,60,14,d2,bd, 6f,49,d6,53,88,73,c1,b2,0a,14,9d,fc,7c,70,2e,cc,47,d9,e8,cc,54,ac,2f,6e,55,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\License information*] "datasecu"=hex:f1,82,c5,2f,1a,7b,3f,08,b3,8d,65,1e,fd,3c,2e,01,84,bb,27,20,a2, eb,d1,45,37,a2,40,bc,8b,72,89,48,4e,b1,a5,ba,2c,18,4b,38,b7,03,2d,96,2d,4c,\ "rkeysecu"=hex:60,72,c7,18,69,1d,ba,a6,c9,1a,ad,56,62,96,a5,65 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(3896) c:\program files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\AUDIODG.EXE c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conime.exe c:\program files\Secunia\PSI\psi.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . 
Heure de fin: 2010-08-24 14:07:41 - La machine a redémarré ComboFix-quarantined-files.txt 2010-08-24 12:07 Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. Après-CF: 43.692.654.592 octets libres - - End Of File - - 3F0F95C407DFCEBBEC8D2E5CF28E08F6 -
My computer has been infected by vsbntlo
sacha99 replied to a topic by sacha99 in Malware analysis and removal
Well, first of all, good news: I'm posting from the infected computer, and the internet works again without any problem. On the other hand I'm still in safe mode; I'm going to test normal mode and edit this post to say whether it works or not...

EDIT: the computer stays stuck at the point where Windows is loading, while the green bars are "progressing". It isn't really stuck, since it seems to be loading normally, but it takes far too long to be normal!

As for ComboFix, there was nothing else in the report.

Here is the RSIT report:

Logfile of random's system information tool 1.08 (written by random/random)
Run by dieryck at 2010-08-24 13:00:42

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 44 GB (9%) free of 477 GB
Total RAM: 2046 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:01:03, on 24/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Users\dieryck\Desktop\RSIT.exe
C:\Program Files\trend micro\dieryck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sys32V2Contoller] C:\Windows\mw2mmgr32\mw2mmgr32.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Wrapper] runonce
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate1c9b239ebb99295) (gupdate1c9b239ebb99295) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service:
@%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: 
@%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: 
@%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: wampapache - Apache 
Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - 
Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 22093 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] 
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-31 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-13 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}] STOPzilla Browser Helper Object - C:\Program Files\STOPzilla!\SZIEBHO.dll [2010-08-18 247248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120] "Sys32V2Contoller"=C:\Windows\mw2mmgr32\mw2mmgr32.exe [2010-05-21 221696] 
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] ""= [] "Wrapper"=runonce [] "GrpConv"=grpconv -o [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [2008-07-11 423200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk] C:\PROGRA~1\APACHE~1\Apache2.2\bin\APACHE~1.EXE [2009-08-06 41051] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-12-15 384000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2010-08-24 00:16:38 ----SHD---- C:\$RECYCLE.BIN 2010-08-24 00:11:10 ----D---- C:\Windows\temp 2010-08-24 00:00:54 ----A---- C:\Windows\NIRCMD.exe 2010-08-24 00:00:47 ----D---- C:\ComboFix 2010-08-24 00:00:32 ----A---- C:\Windows\SWXCACLS.exe 2010-08-23 22:35:16 ----A---- C:\Windows\zip.exe 2010-08-23 22:35:16 ----A---- C:\Windows\SWSC.exe 2010-08-23 22:35:16 ----A---- C:\Windows\SWREG.exe 2010-08-23 22:35:16 ----A---- C:\Windows\sed.exe 2010-08-23 22:35:16 ----A---- C:\Windows\PEV.exe 2010-08-23 22:35:16 ----A---- C:\Windows\MBR.exe 2010-08-23 22:35:16 ----A---- C:\Windows\grep.exe 2010-08-23 22:35:10 ----D---- C:\Windows\ERDNT 2010-08-23 22:33:52 ----D---- C:\Qoobox 2010-08-23 16:43:47 ----D---- C:\Program Files\trend micro 2010-08-23 16:43:46 ----D---- C:\rsit 2010-08-23 11:58:50 ----D---- C:\Program Files\STOPzilla! 2010-08-23 11:58:46 ----D---- C:\Program Files\Common Files\iS3 2010-08-23 11:58:43 ----D---- C:\ProgramData\STOPzilla! 
2010-08-23 11:08:18 ----D---- C:\Users\dieryck\AppData\Roaming\Malwarebytes 2010-08-23 11:08:12 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-08-23 11:08:11 ----D---- C:\ProgramData\Malwarebytes 2010-08-23 11:08:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-08-23 11:08:11 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-08-22 23:46:35 ----D---- C:\Windows\Minidump 2010-08-22 23:46:29 ----A---- C:\Windows\ntbtlog.txt 2010-08-22 23:25:30 ----A---- C:\Windows\system32\drivers\hhakkp.sys 2010-08-18 19:11:46 ----RA---- C:\Windows\system32\SZIO5.dll 2010-08-18 19:11:46 ----RA---- C:\Windows\system32\SZComp5.dll 2010-08-18 19:11:46 ----RA---- C:\Windows\system32\IS3HTUI5.dll 2010-08-18 19:11:44 ----RA---- C:\Windows\system32\SZBase5.dll 2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3XDat5.dll 2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3Svc5.dll 2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3Hks5.dll 2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3DBA5.dll 2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3Win325.dll 2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3UI5.dll 2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3Inet5.dll 2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3Base5.dll 2010-08-11 17:27:26 ----A---- C:\Windows\system32\mshtml.dll 2010-08-11 17:27:26 ----A---- C:\Windows\system32\iertutil.dll 2010-08-11 17:27:25 ----A---- C:\Windows\system32\urlmon.dll 2010-08-11 17:27:25 ----A---- C:\Windows\system32\ieframe.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\wininet.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\occache.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\mstime.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedssync.exe 2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeeds.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\jsproxy.dll 2010-08-11 17:27:24 ----A---- 
C:\Windows\system32\ieUnatt.exe 2010-08-11 17:27:24 ----A---- C:\Windows\system32\ieui.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesysprep.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesetup.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iernonce.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iepeers.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\iedkcs32.dll 2010-08-11 17:27:24 ----A---- C:\Windows\system32\ie4uinit.exe 2010-08-11 17:27:15 ----A---- C:\Windows\system32\iccvid.dll 2010-08-11 17:27:14 ----A---- C:\Windows\system32\schannel.dll 2010-08-11 17:27:08 ----A---- C:\Windows\system32\win32k.sys 2010-08-11 17:27:04 ----A---- C:\Windows\system32\rtutils.dll 2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv2.sys 2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv.sys 2010-08-11 17:26:43 ----A---- C:\Windows\system32\msxml3.dll 2010-08-11 17:26:41 ----A---- C:\Windows\system32\drivers\tcpip.sys 2010-08-05 21:27:26 ----D---- C:\Users\dieryck\AppData\Roaming\Skype 2010-08-05 21:26:22 ----D---- C:\Program Files\Common Files\Skype 2010-08-05 21:26:21 ----RD---- C:\Program Files\Skype 2010-08-05 21:26:12 ----D---- C:\ProgramData\Skype 2010-08-03 11:00:12 ----A---- C:\Windows\system32\shell32.dll ======List of files/folders modified in the last 1 months====== 2010-08-24 00:16:25 ----D---- C:\Windows 2010-08-24 00:16:25 ----A---- C:\Windows\system.ini 2010-08-24 00:16:21 ----D---- C:\Windows\system32\drivers\etc 2010-08-24 00:11:14 ----D---- C:\Windows\system32\drivers 2010-08-24 00:08:52 ----D---- C:\Windows\System32 2010-08-24 00:08:52 ----D---- C:\Windows\AppPatch 2010-08-24 00:08:51 ----D---- C:\Program Files\Common Files 2010-08-24 00:08:45 ----D---- C:\Windows\system32\wbem 2010-08-23 22:44:22 ----D---- C:\ProgramData 2010-08-23 22:23:06 ----SHD---- C:\System Volume 
Information 2010-08-23 16:46:00 ----D---- C:\Windows\Prefetch 2010-08-23 16:43:47 ----RD---- C:\Program Files 2010-08-23 16:41:19 ----D---- C:\Windows\inf 2010-08-23 16:41:19 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-08-23 13:46:11 ----D---- C:\Windows\Tasks 2010-08-23 12:33:00 ----D---- C:\Windows\Globalization 2010-08-23 12:01:26 ----SHD---- C:\Windows\Installer 2010-08-23 11:41:32 ----D---- C:\ProgramData\Google Updater 2010-08-23 11:38:19 ----D---- C:\Windows\Provisioning 2010-08-23 00:18:59 ----D---- C:\Windows\system32\Tasks 2010-08-23 00:03:43 ----D---- C:\Windows\system32\spool 2010-08-23 00:03:43 ----D---- C:\Windows\system32\catroot2 2010-08-23 00:03:43 ----D---- C:\Windows\registration 2010-08-22 23:51:56 ----D---- C:\Windows\system32\Msdtc 2010-08-16 19:26:35 ----D---- C:\Users\dieryck\AppData\Roaming\uTorrent 2010-08-16 01:50:58 ----SD---- C:\Windows\Downloaded Program Files 2010-08-12 12:17:53 ----D---- C:\Windows\winsxs 2010-08-12 12:16:10 ----D---- C:\Windows\Microsoft.NET 2010-08-12 12:15:44 ----RSD---- C:\Windows\assembly 2010-08-12 12:04:51 ----D---- C:\Windows\system32\migration 2010-08-12 12:04:51 ----D---- C:\Program Files\Internet Explorer 2010-08-12 12:04:48 ----D---- C:\Program Files\Movie Maker 2010-08-12 11:44:26 ----D---- C:\Windows\system32\catroot 2010-08-12 11:44:19 ----D---- C:\Program Files\Windows Mail 2010-08-04 17:12:50 ----D---- C:\Program Files\Common Files\Adobe 2010-08-04 17:12:07 ----D---- C:\Program Files\Common Files\PX Storage Engine 2010-08-04 17:11:57 ----D---- C:\Program Files\Adobe 2010-08-03 20:12:23 ----HD---- C:\Program Files\InstallShield Installation Information 2010-08-03 20:12:23 ----D---- C:\Program Files\Electronic Arts 2010-08-03 20:10:17 ----D---- C:\Program Files\Pcsx2 2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe 2010-08-03 20:05:10 ----D---- C:\ProgramData\Media Center Programs 2010-08-03 08:45:01 ----D---- C:\Program Files\Mozilla Firefox 2010-08-02 07:15:14 ----A---- 
C:\Windows\win.ini 2010-08-01 22:50:42 ----HD---- C:\Windows\mw2mmgr32 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 is3srv;is3srv; C:\Windows\system32\drivers\is3srv.sys [2009-12-07 61328] R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-17 44944] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-19 7680] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-29 104448] S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-17 691696] S0 uclp;uclp; C:\Windows\System32\drivers\ranjqep.sys [] S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-01 96104] S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520] S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-06-21 281760] S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-06-21 25888] S3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [] S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-02 4179968] S3 catchme;catchme; \??\C:\Users\dieryck\AppData\Local\Temp\catchme.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; 
C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 ovt530;Webcam Deluxe; C:\Windows\System32\Drivers\ov530vid.sys [2005-03-15 161792] S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2008-05-08 269824] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672] S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-01 720896] S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-31 133104] S2 gusvc;Google 
Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 183280] S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096] S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-30 75064] S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136] S2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2010-08-18 62928] S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728] S3 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576] S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636] S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [2009-03-16 6562432] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF----------------- a+ -
My computer got infected by vsbntlo
sacha99 replied to a topic by sacha99 in Malware analysis and removal
I did what you told me, but it says "the message text associated with number 0x8 cannot be found in the message file for System", and then, as before, it asks for administrator rights; but unlike before I can't launch it that way, since I launch it by drag-and-drop... As for my problems, still no internet and no way to start Windows other than in safe mode. For the RSIT report, are you asking me to run the scan again? Not a report that should have appeared with the procedure I just carried out? Here is the report:

ComboFix 10-08-22.07 - dieryck 24/08/2010 0:02:43.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.2046.1585 [GMT 2:00]
Launched from: C:\Users\dieryck\Desktop\ComboFix.exe
Switches used :: C:\Users\dieryck\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\Windows\system32\drivers\hhakkp.sys"
"C:\Windows\System32\drivers\ranjqep.sys"
"C:\Windows\system32\DRIVERS\szkg.sys"
"C:\Windows\system32\drivers\szkgfs.sys"
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\dieryck\AppData\Roaming\09F98DF9CC6E0207FE3A26A8ED2250C9
C:\Windows\system32\DRIVERS\szkg.sys
C:\Windows\system32\drivers\szkgfs.sys
C:\Windows\system32\drivers\hhakkp.sys . . . . could not be deleted

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HHAKKP
-------\Legacy_SZKGFS
-------\Service_hhakkp
-------\Service_szkgfs
-------\Legacy_szkg5
-------\Service_szkg5
My computer got infected by vsbntlo
sacha99 replied to a topic by sacha99 in Malware analysis and removal
Good evening. When I try to uninstall STOPzilla, it tells me it cannot access the Windows Installer service... As for ComboFix, it told me several times "access denied, administrator permissions are needed to use ..." even though I had launched it with administrator permissions.

ComboFix 10-08-22.07 - dieryck 23/08/2010 22:39:03.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.2046.1437 [GMT 2:00]
Launched from: C:\Users\dieryck\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Keylogger 4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Keylogger 4\Family Keylogger.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Keylogger 4\Help.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Keylogger 4\Quick Start.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Keylogger 4\Uninstall.lnk
C:\ProgramData\mw2mmgr.inc
C:\ProgramData\mw2mmgr.txt
C:\Users\dieryck\AppData\Roaming\Desktopicon
C:\Users\dieryck\AppData\Roaming\Desktopicon\eBayShortcuts.exe
.

Once again, a big thank you for the interest you are taking in my problems!
My computer got infected by vsbntlo
sacha99 replied to a topic by sacha99 in Malware analysis and removal
Here's the report. As you'll be able to see, it didn't manage to install HijackThis; could that be because I'm in safe mode (even with networking)? Indeed, I can no longer boot in normal mode!

Logfile of random's system information tool 1.08 (written by random/random)
Run by dieryck at 2010-08-23 16:43:46
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 42 GB (9%) free of 477 GB
Total RAM: 2046 MB (77% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-31 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
STOPzilla Browser Helper Object - C:\Program Files\STOPzilla!\SZIEBHO.dll [2010-08-18 247248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2008-05-21 15519744]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"Sys32V2Contoller"=C:\Windows\mw2mmgr32\mw2mmgr32.exe [2010-05-21 221696]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"nwsroemcax.exe"=C:\Users\dieryck\AppData\Local\Temp\nwsroemcax.exe [2010-08-22 42496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [2008-07-11 423200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
C:\PROGRA~1\APACHE~1\Apache2.2\bin\APACHE~1.EXE [2009-08-06 41051]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-23 16:43:47 ----D---- C:\Program Files\trend micro
2010-08-23 16:43:46 ----D---- C:\rsit
2010-08-23 11:58:50 ----D---- C:\Program Files\STOPzilla!
2010-08-23 11:58:46 ----D---- C:\Program Files\Common Files\iS3
2010-08-23 11:58:43 ----D---- C:\ProgramData\STOPzilla!
2010-08-23 11:08:18 ----D---- C:\Users\dieryck\AppData\Roaming\Malwarebytes
2010-08-23 11:08:12 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-23 11:08:11 ----D---- C:\ProgramData\Malwarebytes
2010-08-23 11:08:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-23 11:08:11 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-22 23:46:35 ----D---- C:\Windows\Minidump
2010-08-22 23:46:29 ----A---- C:\Windows\ntbtlog.txt
2010-08-22 23:25:30 ----A---- C:\Windows\system32\drivers\hhakkp.sys
2010-08-22 23:24:51 ----D---- C:\RECYCLER
2010-08-22 23:24:44 ----D---- C:\Users\dieryck\AppData\Roaming\09F98DF9CC6E0207FE3A26A8ED2250C9
2010-08-18 19:11:46 ----RA---- C:\Windows\system32\SZIO5.dll
2010-08-18 19:11:46 ----RA---- C:\Windows\system32\SZComp5.dll
2010-08-18 19:11:46 ----RA---- C:\Windows\system32\IS3HTUI5.dll
2010-08-18 19:11:44 ----RA---- C:\Windows\system32\SZBase5.dll
2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3XDat5.dll
2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3Svc5.dll
2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3Hks5.dll
2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3DBA5.dll
2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3Win325.dll
2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3UI5.dll
2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3Inet5.dll
2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3Base5.dll
2010-08-11 17:27:26 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 17:27:26 ----A---- C:\Windows\system32\iertutil.dll
2010-08-11 17:27:25 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 17:27:25 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\occache.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-11 17:27:24 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesetup.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\iernonce.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 17:27:24 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-11 17:27:15 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 17:27:14 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 17:27:08 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 17:27:04 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 17:26:43 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 17:26:41 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-05 21:27:26 ----D---- C:\Users\dieryck\AppData\Roaming\Skype
2010-08-05 21:26:22 ----D---- C:\Program Files\Common Files\Skype
2010-08-05 21:26:21 ----RD---- C:\Program Files\Skype
2010-08-05 21:26:12 ----D---- C:\ProgramData\Skype
2010-08-03 11:00:12 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 1 months======

2010-08-23 16:43:47 ----RD---- C:\Program Files
2010-08-23 16:41:19 ----D---- C:\Windows\System32
2010-08-23 16:41:19 ----D---- C:\Windows\inf
2010-08-23 16:41:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-23 16:38:59 ----D---- C:\Windows
2010-08-23 14:38:08 ----D---- C:\Windows\Temp
2010-08-23 14:37:34 ----D---- C:\Windows\system32\drivers
2010-08-23 13:46:11 ----D---- C:\Windows\Tasks
2010-08-23 12:33:00 ----D---- C:\Windows\Globalization
2010-08-23 12:01:26 ----SHD---- C:\Windows\Installer
2010-08-23 11:58:46 ----D---- C:\Program Files\Common Files
2010-08-23 11:58:43 ----HD---- C:\ProgramData
2010-08-23 11:53:00 ----SHD---- C:\System Volume Information
2010-08-23 11:41:32 ----D---- C:\ProgramData\Google Updater
2010-08-23 11:38:19 ----D---- C:\Windows\Provisioning
2010-08-23 00:18:59 ----D---- C:\Windows\system32\Tasks
2010-08-23 00:08:13 ----D---- C:\Windows\system32\wbem
2010-08-23 00:03:43 ----D---- C:\Windows\system32\spool
2010-08-23 00:03:43 ----D---- C:\Windows\system32\catroot2
2010-08-23 00:03:43 ----D---- C:\Windows\registration
2010-08-22 23:51:56 ----D---- C:\Windows\system32\Msdtc
2010-08-22 23:24:46 ----D---- C:\Windows\Prefetch
2010-08-16 19:26:35 ----D---- C:\Users\dieryck\AppData\Roaming\uTorrent
2010-08-16 01:50:58 ----SD---- C:\Windows\Downloaded Program Files
2010-08-12 12:17:53 ----D---- C:\Windows\winsxs
2010-08-12 12:16:10 ----D---- C:\Windows\Microsoft.NET
2010-08-12 12:15:44 ----RSD---- C:\Windows\assembly
2010-08-12 12:04:51 ----D---- C:\Windows\system32\migration
2010-08-12 12:04:51 ----D---- C:\Program Files\Internet Explorer
2010-08-12 12:04:48 ----D---- C:\Program Files\Movie Maker
2010-08-12 11:44:26 ----D---- C:\Windows\system32\catroot
2010-08-12 11:44:19 ----D---- C:\Program Files\Windows Mail
2010-08-04 17:12:50 ----D---- C:\Program Files\Common Files\Adobe
2010-08-04 17:12:07 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-08-04 17:11:57 ----D---- C:\Program Files\Adobe
2010-08-03 20:12:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-03 20:12:23 ----D---- C:\Program Files\Electronic Arts
2010-08-03 20:10:17 ----D---- C:\Program Files\Pcsx2
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-08-03 20:05:10 ----D---- C:\ProgramData\Media Center Programs
2010-08-03 08:45:01 ----D---- C:\Program Files\Mozilla Firefox
2010-08-02 07:15:14 ----A---- C:\Windows\win.ini
2010-08-01 22:50:42 ----HD---- C:\Windows\mw2mmgr32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-17 44944]
R0 szkg5;szkg5; C:\Windows\system32\DRIVERS\szkg.sys [2009-12-07 61328]
R0 szkgfs;szkgfs; C:\Windows\system32\drivers\szkgfs.sys [2010-05-12 59280]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-19 7680]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-29 104448]
S0 is3srv;is3srv; C:\Windows\system32\drivers\is3srv.sys [2009-12-07 61328]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-17 691696]
S0 uclp;uclp; C:\Windows\System32\drivers\ranjqep.sys []
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-01 96104]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-06-21 281760]
S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-06-21 25888]
S3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-02 4179968]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 ovt530;Webcam Deluxe; C:\Windows\System32\Drivers\ov530vid.sys [2005-03-15 161792]
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2008-05-08 269824]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-01 720896]
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 183280]
S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-30 75064]
S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
S2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2010-08-18 62928]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S3 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [2009-03-16 6562432]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
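As an added example (not part of sacha99's post, and not code from RSIT or any of the tools in this thread), here is a small Python triage script that parses the two line formats visible in the report above, the `"Name"=path [date size]` lines under the Run keys and the `Sx name;display; path [date size]` lines in the driver and service lists, and flags the entries a removal helper looks at first: an image started from a Temp folder, an image in a folder directly under C:\Windows that is not one of the usual executable folders, and entries whose `[...]` file information is empty, which means RSIT could not find or read the file on disk. The sample lines are copied from the report; the list of "known" Windows subfolders and the flag reasons are this example's own assumptions, not anything RSIT prints.

```python
"""Triage helper for RSIT-style Run-key and driver/service listings.

Added example, not from the forum post or from RSIT. It recognises two
line shapes that appear in the report:

    "ValueName"=C:\\path\\to\\file.exe [YYYY-MM-DD size]
    S3 ServiceName;Display Name; C:\\path\\to\\file.sys [YYYY-MM-DD size]

and returns the entries that match at least one triage rule. A flag is a
reason to look closer, not a verdict: Afc.sys below is flagged only
because RSIT could not stat it.
"""
import re
from dataclasses import dataclass, field

RUN_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]$')
SVC_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*'
    r'(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]$')

# Folders directly under C:\Windows that normally hold executables on Vista.
# Assumption for this example; extend it from a clean baseline of your own.
KNOWN_WINDOWS_DIRS = {"system32", "syswow64", "ehome", "microsoft.net", "winsxs", "servicing"}


@dataclass
class Entry:
    kind: str                  # "run" or "driver/service"
    name: str                  # registry value name or service name
    path: str                  # image path as printed by RSIT
    info: str                  # contents of the trailing [...]; "" when RSIT found nothing
    start: str = ""            # start type digit for drivers/services, "" for Run values
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for a recognised line, or None for anything else."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m["name"], m["path"].strip(), m["info"].strip())
    m = SVC_RE.match(line)
    if m:
        return Entry("driver/service", m["name"], m["path"].strip(),
                     m["info"].strip(), m["start"])
    return None


def triage(entry):
    """Append a reason for each rule the entry trips; return the reasons."""
    p = entry.path.lower().replace("/", "\\")
    if "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p:
        entry.reasons.append("image runs from a Temp folder")
    m = re.search(r"\\windows\\([^\\]+)\\", p)
    if m and m.group(1) not in KNOWN_WINDOWS_DIRS:
        entry.reasons.append(f"image in non-standard folder C:\\Windows\\{m.group(1)}")
    if entry.info == "":
        entry.reasons.append("RSIT reported no date/size: file missing, hidden or unreadable")
    # Boot (0) and System (1) start drivers load before Safe Mode filtering applies,
    # so a suspicious one keeps running even when the user boots in Safe Mode.
    if entry.kind == "driver/service" and entry.start in ("0", "1") and entry.reasons:
        entry.reasons.append("loads at boot/system start, so it survives Safe Mode")
    return entry.reasons


def triage_report(text):
    """Parse every recognised line in `text` and return the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and triage(entry):
            flagged.append(entry)
    return flagged


# Constructed sample: lines copied from the RSIT report in this thread.
SAMPLE_REPORT = r'''
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Sys32V2Contoller"=C:\Windows\mw2mmgr32\mw2mmgr32.exe [2010-05-21 221696]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"nwsroemcax.exe"=C:\Users\dieryck\AppData\Local\Temp\nwsroemcax.exe [2010-08-22 42496]
R0 szkg5;szkg5; C:\Windows\system32\DRIVERS\szkg.sys [2009-12-07 61328]
S0 uclp;uclp; C:\Windows\System32\drivers\ranjqep.sys []
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
S3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys []
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
'''

if __name__ == "__main__":
    for e in triage_report(SAMPLE_REPORT):
        print(f"[{e.kind}] {e.name} -> {e.path}")
        for reason in e.reasons:
            print("    -", reason)
```

Run against the sample, the script flags `Sys32V2Contoller` (folder `C:\Windows\mw2mmgr32`), `nwsroemcax.exe` (started from the user's Temp folder), `uclp` (no file info and boot-start) and `Afc` (no file info only), while the STOPzilla and Avira drivers pass because their images sit in expected folders with real file information. The script only reads the text of the report; it does not touch the registry or the disk, so it can be run on a clean machine against a log pasted from the infected one.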
My computer got infected by vsbntlo
sacha99 replied to a topic by sacha99 in Malware analysis and removal
First of all, thank you very much for your reply, and sorry for having opened two topics; not knowing any site in this field, I didn't really know which one to post on... Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4465

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943

23/08/2010 11:34:15
mbam-log-2010-08-23 (11-34-15).txt

Scan type: Quick scan
Objects scanned: 140019
Time elapsed: 6 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Worm.Autorun.B) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tpwqimuc (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\Users\dieryck\AppData\Local\epgkyeupn\bjilnwkshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\dieryck\AppData\Local\Temp\3753014.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Users\dieryck\AppData\Local\Temp\sxcfgslr.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\dieryck\AppData\Roaming\ohydy.exe (Worm.Palevo) -> Delete on reboot.
Hello. To explain the context: my brother apparently ignored Antivir when it flagged a virus. Our computer is now infected, and very badly infected at that! I got lots of alert messages from Antivir, and then no application could launch any more, with lots of messages/alerts saying the .exe file is infected. The only ones that still work are the web browsers, but they only send me to an advertising site for an antivirus that looks really bogus! Sorry for creating another post on this subject; I've seen others, but I'd rather make sure I don't do anything stupid! Thanks in advance for your help and advice.