
salmon

Members
  • Content count
    12
  • Joined
  • Last visited

Other information
  • My languages
    French, English

salmon's Achievements

Junior Member

Junior Member (3/12)

0

Community reputation

  1. Hi Thanos, once again my apologies, I have been really very busy this week. So here is the MBRCheck log, which detected some things:

     MBRCheck, version 1.2.3
     © 2010, AD

     Command-line:
     Windows Version: Windows XP Professional
     Windows Information: Service Pack 3 (build 2600)
     Logical Drives Mask: 0x0000003d

     Kernel Drivers (total 135):
     0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
     0x806E4000 \WINDOWS\system32\hal.dll
     0xF8977000 \WINDOWS\system32\KDCOM.DLL
     0xF8887000 \WINDOWS\system32\BOOTVID.dll
     0xF8347000 ACPI.sys
     0xF8979000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
     0xF8336000 pci.sys
     0xF8477000 isapnp.sys
     0xF8A3F000 pciide.sys
     0xF86F7000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
     0xF8487000 MountMgr.sys
     0xF8317000 ftdisk.sys
     0xF897B000 dmload.sys
     0xF82F1000 dmio.sys
     0xF86FF000 PartMgr.sys
     0xF8497000 VolSnap.sys
     0xF82D9000 atapi.sys
     0xF84A7000 disk.sys
     0xF84B7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
     0xF82B9000 fltMgr.sys
     0xF82A7000 sr.sys
     0xF84C7000 PxHelp20.sys
     0xF8288000 symsnap.sys
     0xF8271000 KSecDD.sys
     0xF825E000 WudfPf.sys
     0xF81D1000 Ntfs.sys
     0xF81A4000 NDIS.sys
     0xF818A000 Mup.sys
     0xF8677000 \SystemRoot\system32\DRIVERS\intelppm.sys
     0xF72D7000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
     0xF72C3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
     0xF729B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
     0xF725E000 \SystemRoot\system32\DRIVERS\e1e5132.sys
     0xF878F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
     0xF723A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
     0xF8797000 \SystemRoot\system32\DRIVERS\usbehci.sys
     0xF8687000 \SystemRoot\system32\DRIVERS\i8042prt.sys
     0xF879F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
     0xF87A7000 \SystemRoot\system32\DRIVERS\mouclass.sys
     0xF87AF000 \SystemRoot\system32\DRIVERS\fdc.sys
     0xF7229000 \SystemRoot\system32\DRIVERS\serial.sys
     0xF814D000 \SystemRoot\system32\DRIVERS\serenum.sys
     0xF7215000 \SystemRoot\system32\DRIVERS\parport.sys
     0xF87B7000 \SystemRoot\system32\DRIVERS\tpm.sys
     0xF8697000 \SystemRoot\system32\DRIVERS\imapi.sys
     0xF86A7000 \SystemRoot\system32\DRIVERS\cdrom.sys
     0xF86B7000 \SystemRoot\system32\DRIVERS\redbook.sys
     0xF71F2000 \SystemRoot\system32\DRIVERS\ks.sys
     0xF87BF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
     0xF89A9000 \SystemRoot\system32\DRIVERS\vncdrv.sys
     0xF8B19000 \SystemRoot\system32\DRIVERS\audstub.sys
     0xF78D0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
     0xF8141000 \SystemRoot\system32\DRIVERS\ndistapi.sys
     0xF71DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
     0xF78C0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
     0xF78B0000 \SystemRoot\system32\DRIVERS\raspptp.sys
     0xF87D7000 \SystemRoot\system32\DRIVERS\TDI.SYS
     0xF71CA000 \SystemRoot\system32\DRIVERS\psched.sys
     0xF78A0000 \SystemRoot\system32\DRIVERS\msgpc.sys
     0xF87DF000 \SystemRoot\system32\DRIVERS\ptilink.sys
     0xF87E7000 \SystemRoot\system32\DRIVERS\raspti.sys
     0xF719A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
     0xF7890000 \SystemRoot\system32\DRIVERS\termdd.sys
     0xF89AB000 \SystemRoot\system32\DRIVERS\swenum.sys
     0xF713C000 \SystemRoot\system32\DRIVERS\update.sys
     0xF891F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
     0xF7880000 \SystemRoot\System32\Drivers\NDProxy.SYS
     0xAA6D8000 \SystemRoot\system32\drivers\ADIHdAud.sys
     0xAA6B4000 \SystemRoot\system32\drivers\portcls.sys
     0xF7850000 \SystemRoot\system32\drivers\drmk.sys
     0xF8507000 \SystemRoot\system32\DRIVERS\usbhub.sys
     0xF89B5000 \SystemRoot\system32\DRIVERS\USBD.SYS
     0xF882F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
     0xF8847000 \SystemRoot\system32\DRIVERS\usbccgp.sys
     0xF89BD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
     0xF8537000 \SystemRoot\system32\DRIVERS\DcCam.sys
     0xA9D20000 \SystemRoot\system32\DRIVERS\EXPORTIT.SYS
     0xF8BA6000 \SystemRoot\System32\Drivers\Null.SYS
     0xF89C7000 \SystemRoot\System32\Drivers\Beep.SYS
     0xF8737000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     0xF873F000 \SystemRoot\System32\drivers\vga.sys
     0xF89D9000 \SystemRoot\System32\Drivers\mnmdd.SYS
     0xF89DB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
     0xF874F000 \SystemRoot\System32\Drivers\Msfs.SYS
     0xF8757000 \SystemRoot\System32\Drivers\Npfs.SYS
     0xF894F000 \SystemRoot\system32\DRIVERS\rasacd.sys
     0xA9C5B000 \SystemRoot\system32\DRIVERS\ipsec.sys
     0xA9C02000 \SystemRoot\system32\DRIVERS\tcpip.sys
     0xF8587000 \SystemRoot\System32\Drivers\aswTdi.SYS
     0xA9BDC000 \SystemRoot\system32\DRIVERS\ipnat.sys
     0xF8597000 \SystemRoot\system32\DRIVERS\wanarp.sys
     0xA9BB4000 \SystemRoot\system32\DRIVERS\netbt.sys
     0xA9B92000 \SystemRoot\System32\drivers\afd.sys
     0xF85A7000 \SystemRoot\system32\DRIVERS\netbios.sys
     0xA9B67000 \SystemRoot\system32\DRIVERS\rdbss.sys
     0xA9AF7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
     0xF85B7000 \SystemRoot\System32\Drivers\Fips.SYS
     0xA99BB000 \SystemRoot\System32\Drivers\aswSP.SYS
     0xA9CDB000 \SystemRoot\System32\Drivers\Aavmker4.SYS
     0xA9CB3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
     0xF7134000 \SystemRoot\system32\DRIVERS\usbscan.sys
     0xA9CA3000 \SystemRoot\system32\DRIVERS\usbprint.sys
     0xA7C96000 \SystemRoot\system32\DRIVERS\lvuvc.sys
     0xA98F2000 \SystemRoot\system32\drivers\usbaudio.sys
     0xA6FC5000 \SystemRoot\system32\DRIVERS\lvrs.sys
     0xA079E000 \SystemRoot\System32\Drivers\Fastfat.SYS
     0xA0786000 \SystemRoot\System32\Drivers\dump_atapi.sys
     0xF89E5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
     0xBF800000 \SystemRoot\System32\win32k.sys
     0xA32B9000 \SystemRoot\System32\drivers\Dxapi.sys
     0xA310F000 \SystemRoot\System32\watchdog.sys
     0xBF000000 \SystemRoot\System32\drivers\dxg.sys
     0xF8AF3000 \SystemRoot\System32\drivers\dxgthk.sys
     0xBF024000 \SystemRoot\System32\igxpgd32.dll
     0xBF012000 \SystemRoot\System32\igxprd32.dll
     0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
     0xBF1CC000 \SystemRoot\System32\igxpdx32.DLL
     0xBF43A000 \SystemRoot\System32\vnchelp.dll
     0xA8C1B000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
     0xA98B2000 \SystemRoot\system32\drivers\dcfs2k.sys
     0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
     0xA7346000 \??\C:\WINDOWS\system32\socketlock.sys
     0xA4CD9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
     0xA0747000 \SystemRoot\System32\Drivers\aswMon2.SYS
     0xA7579000 \SystemRoot\System32\Drivers\Cdfs.SYS
     0xA057A000 \SystemRoot\system32\drivers\wdmaud.sys
     0xA74E9000 \SystemRoot\system32\drivers\sysaudio.sys
     0xA0385000 \SystemRoot\system32\DRIVERS\mrxdav.sys
     0xF899D000 \SystemRoot\System32\Drivers\ParVdm.SYS
     0xA28C0000 \SystemRoot\System32\Drivers\DgiVecp.sys
     0xA02E3000 \SystemRoot\system32\DRIVERS\srv.sys
     0xA0934000 \SystemRoot\System32\Drivers\vnccom.SYS
     0xA7A61000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
     0xF8867000 \SystemRoot\System32\Drivers\aswRdr.SYS
     0x7C910000 \WINDOWS\system32\ntdll.dll

     Processes (total 40):
     0 System Idle Process
     4 System
     608 C:\WINDOWS\system32\smss.exe
     656 csrss.exe
     680 C:\WINDOWS\system32\winlogon.exe
     724 C:\WINDOWS\system32\services.exe
     736 C:\WINDOWS\system32\lsass.exe
     908 C:\WINDOWS\system32\svchost.exe
     996 svchost.exe
     1112 C:\WINDOWS\system32\svchost.exe
     1144 C:\WINDOWS\system32\svchost.exe
     1316 svchost.exe
     1468 svchost.exe
     1592 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
     1672 C:\WINDOWS\explorer.exe
     1820 C:\WINDOWS\system32\igfxtray.exe
     1828 C:\WINDOWS\system32\hkcmd.exe
     1836 C:\WINDOWS\system32\igfxpers.exe
     1932 C:\Program Files\QuickTime\QTTask.exe
     1944 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
     1956 C:\WINDOWS\system32\ctfmon.exe
     456 C:\WINDOWS\system32\spoolsv.exe
     980 svchost.exe
     1536 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     412 C:\Program Files\Bonjour\mDNSResponder.exe
     1052 C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
     1404 C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
     1624 C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     1700 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     2144 C:\WINDOWS\system32\svchost.exe
     2200 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
     2272 C:\WINDOWS\system32\searchindexer.exe
     2388 C:\Program Files\Canon\CAL\CALMAIN.exe
     2732 C:\WINDOWS\system32\wscntfy.exe
     3192 alg.exe
     1288 PresentationFontCache.exe
     704 C:\Program Files\Mozilla Firefox\firefox.exe
     3928 C:\WINDOWS\system32\searchprotocolhost.exe
     800 searchfilterhost.exe
     2848 D:\Client\Mes documents\Téléchargements\MBRCheck(2).exe

     \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
     \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`c3dcd400 (NTFS)
     \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

     PhysicalDrive0 Model Number: HDS728080PLA38040Y9028LEN, Rev: PF2OA65A
     PhysicalDrive1 Model Number: WD2500BMV External, Rev: 1.75

     Size    Device Name         MBR Status
     --------------------------------------------
     74 GB   \\.\PhysicalDrive0  Windows XP MBR code detected
             SHA1: 8637A6CD1F8DC55758E12C0B860CDE1133CA5719
     232 GB  \\.\PhysicalDrive1  RE: Unknown MBR code
             SHA1: CE7DBBBEE43059700485C7835F4E1ED6D2FADB1C

     Found non-standard or infected MBR.
     Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     Options:
     [1] Dump the MBR of a physical disk to file.
     [2] Restore the MBR of a physical disk with a standard boot code.
     [3] Exit.
     Enter your choice:

     Done!

     And once again, I wasn't quite sure what to do... Thanks in advance for your reply (which I hope will be quicker than mine)
  2. Oops... I was about to forget to tell you something important (you may have noticed it). I got "fed up" and removed the Vidéotron antivirus after finding out that it would still be possible to download it again if needed. I installed Avast, figuring it would improve things. The infamous Rps Security Aware process no longer appears and the computer seems a little less slow. But it seems to me that it is still slower than before, so I don't dare say that it solved the problem. Anyway, if you think we have exhausted all the hypotheses, you're the expert! Thanks again a thousand times.
  3. Hi Thanos, well, I no longer know what to think, the scan found nothing!!! (Here it is:)

     2010/10/29 09:52:11.0750 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
     2010/10/29 09:52:11.0750 ================================================================================
     2010/10/29 09:52:11.0750 SystemInfo:
     2010/10/29 09:52:11.0750
     2010/10/29 09:52:11.0750 OS Version: 5.1.2600 ServicePack: 3.0
     2010/10/29 09:52:11.0750 Product type: Workstation
     2010/10/29 09:52:11.0750 ComputerName: GERMAIN
     2010/10/29 09:52:11.0750 UserName: Client
     2010/10/29 09:52:11.0750 Windows directory: C:\WINDOWS
     2010/10/29 09:52:11.0750 System windows directory: C:\WINDOWS
     2010/10/29 09:52:11.0750 Processor architecture: Intel x86
     2010/10/29 09:52:11.0750 Number of processors: 2
     2010/10/29 09:52:11.0750 Page size: 0x1000
     2010/10/29 09:52:11.0750 Boot type: Normal boot
     2010/10/29 09:52:11.0765 ================================================================================
     2010/10/29 09:52:12.0578 Initialize success
     2010/10/29 09:52:17.0875 ================================================================================
     2010/10/29 09:52:17.0875 Scan started
     2010/10/29 09:52:17.0875 Mode: Manual;
     2010/10/29 09:52:17.0875 ================================================================================
     2010/10/29 09:52:22.0968 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
     2010/10/29 09:52:24.0562 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     2010/10/29 09:52:25.0640 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
     2010/10/29 09:52:26.0359 ADIHdAudAddService (b244557d1b89ee61d00d93212de7ddc9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
     2010/10/29 09:52:27.0656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     2010/10/29 09:52:28.0359 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
     2010/10/29 09:52:33.0140 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
     2010/10/29 09:52:33.0718 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
     2010/10/29 09:52:34.0203 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
     2010/10/29 09:52:34.0578 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
     2010/10/29 09:52:34.0968 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
     2010/10/29 09:52:35.0281 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     2010/10/29 09:52:35.0609 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     2010/10/29 09:52:36.0187 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     2010/10/29 09:52:36.0515 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     2010/10/29 09:52:36.0828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     2010/10/29 09:52:37.0140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     2010/10/29 09:52:37.0421 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
     2010/10/29 09:52:37.0984 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     2010/10/29 09:52:38.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     2010/10/29 09:52:38.0656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     2010/10/29 09:52:40.0343 DcCam (1b269ed3eb2d81ec11cd5b0544e89962) C:\WINDOWS\system32\DRIVERS\DcCam.sys
     2010/10/29 09:52:40.0656 DcFpoint (bd6ce20068159f9714ebe9e76decab2c) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
     2010/10/29 09:52:40.0968 DCFS2K (1315e0b5b6fc1fe930ee3498309700bd) C:\WINDOWS\system32\drivers\dcfs2k.sys
     2010/10/29 09:52:41.0296 DcLps (5f5055efb3e0820f349924e7c5bd5af4) C:\WINDOWS\system32\DRIVERS\DcLps.sys
     2010/10/29 09:52:41.0578 DcPTP (31689427da60a724b31a622b35ed21ec) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
     2010/10/29 09:52:41.0906 DgiVecp (d514b430e2989f846137828c90370c16) C:\WINDOWS\system32\Drivers\DgiVecp.sys
     2010/10/29 09:52:42.0265 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
     2010/10/29 09:52:42.0671 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
     2010/10/29 09:52:43.0265 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
     2010/10/29 09:52:43.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     2010/10/29 09:52:43.0937 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     2010/10/29 09:52:44.0484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     2010/10/29 09:52:44.0843 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
     2010/10/29 09:52:45.0343 Exportit (f85ffdeae43f9e9a7c3f4e3cc5ef09eb) C:\WINDOWS\system32\DRIVERS\exportit.sys
     2010/10/29 09:52:45.0750 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     2010/10/29 09:52:46.0203 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
     2010/10/29 09:52:46.0593 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
     2010/10/29 09:52:46.0890 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
     2010/10/29 09:52:47.0218 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
     2010/10/29 09:52:47.0671 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
     2010/10/29 09:52:48.0171 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     2010/10/29 09:52:48.0734 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     2010/10/29 09:52:49.0359 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
     2010/10/29 09:52:49.0843 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     2010/10/29 09:52:50.0546 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     2010/10/29 09:52:51.0328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
     2010/10/29 09:52:52.0484 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
     2010/10/29 09:52:54.0265 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     2010/10/29 09:52:55.0515 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
     2010/10/29 09:52:56.0875 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     2010/10/29 09:52:58.0265 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
     2010/10/29 09:52:58.0765 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
     2010/10/29 09:52:59.0359 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     2010/10/29 09:52:59.0921 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     2010/10/29 09:53:00.0562 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     2010/10/29 09:53:01.0281 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     2010/10/29 09:53:01.0781 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     2010/10/29 09:53:02.0328 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     2010/10/29 09:53:02.0843 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     2010/10/29 09:53:03.0453 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
     2010/10/29 09:53:04.0046 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     2010/10/29 09:53:04.0687 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
     2010/10/29 09:53:05.0687 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
     2010/10/29 09:53:06.0578 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
     2010/10/29 09:53:10.0812 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
     2010/10/29 09:53:14.0734 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
     2010/10/29 09:53:15.0234 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
     2010/10/29 09:53:15.0765 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     2010/10/29 09:53:16.0343 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
     2010/10/29 09:53:16.0875 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
     2010/10/29 09:53:18.0046 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     2010/10/29 09:53:18.0906 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     2010/10/29 09:53:19.0796 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     2010/10/29 09:53:20.0421 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     2010/10/29 09:53:20.0906 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     2010/10/29 09:53:21.0468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     2010/10/29 09:53:22.0062 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     2010/10/29 09:53:22.0578 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
     2010/10/29 09:53:23.0265 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
     2010/10/29 09:53:23.0921 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
     2010/10/29 09:53:24.0609 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
     2010/10/29 09:53:25.0437 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
     2010/10/29 09:53:25.0890 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     2010/10/29 09:53:26.0562 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     2010/10/29 09:53:27.0234 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     2010/10/29 09:53:27.0796 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
     2010/10/29 09:53:28.0359 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     2010/10/29 09:53:29.0062 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     2010/10/29 09:53:29.0734 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     2010/10/29 09:53:30.0640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
     2010/10/29 09:53:31.0578 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     2010/10/29 09:53:32.0156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     2010/10/29 09:53:32.0765 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     2010/10/29 09:53:33.0406 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
     2010/10/29 09:53:34.0031 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     2010/10/29 09:53:34.0515 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
     2010/10/29 09:53:35.0125 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
     2010/10/29 09:53:36.0234 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
     2010/10/29 09:53:36.0750 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
     2010/10/29 09:53:40.0156 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     2010/10/29 09:53:40.0828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
     2010/10/29 09:53:41.0453 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     2010/10/29 09:53:41.0953 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
     2010/10/29 09:53:44.0687 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     2010/10/29 09:53:45.0281 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     2010/10/29 09:53:45.0906 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     2010/10/29 09:53:46.0625 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     2010/10/29 09:53:47.0359 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     2010/10/29 09:53:48.0031 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     2010/10/29 09:53:48.0750 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
     2010/10/29 09:53:49.0531 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
     2010/10/29 09:53:50.0140 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
     2010/10/29 09:53:50.0687 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     2010/10/29 09:53:51.0328 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
     2010/10/29 09:53:51.0937 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
     2010/10/29 09:53:52.0546 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
     2010/10/29 09:53:53.0812 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
     2010/10/29 09:53:54.0500 SocketLock (c49ac412a5c58f29beda9f3d507f6b82) C:\WINDOWS\system32\socketlock.sys
     2010/10/29 09:53:55.0531 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     2010/10/29 09:53:56.0156 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
     2010/10/29 09:53:56.0875 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
     2010/10/29 09:53:57.0687 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
     2010/10/29 09:53:58.0453 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     2010/10/29 09:53:59.0000 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     2010/10/29 09:54:00.0500 symsnap (5c66e6aa29dad1875cc74662dd13c87e) C:\WINDOWS\system32\DRIVERS\symsnap.sys
     2010/10/29 09:54:02.0218 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     2010/10/29 09:54:02.0921 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     2010/10/29 09:54:03.0843 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     2010/10/29 09:54:04.0484 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
     2010/10/29 09:54:05.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
     2010/10/29 09:54:06.0375 TPM (a147180fc61769bf4eb6ff94d499970c) C:\WINDOWS\system32\DRIVERS\tpm.sys
     2010/10/29 09:54:07.0031 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
     2010/10/29 09:54:08.0593 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
     2010/10/29 09:54:09.0953 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
     2010/10/29 09:54:10.0703 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
     2010/10/29 09:54:11.0343 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
     2010/10/29 09:54:12.0000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
     2010/10/29 09:54:12.0687 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
     2010/10/29 09:54:13.0453 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
     2010/10/29 09:54:14.0093 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
     2010/10/29 09:54:14.0796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     2010/10/29 09:54:15.0390 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
     2010/10/29 09:54:16.0312 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
     2010/10/29 09:54:17.0156 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
     2010/10/29 09:54:18.0156 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS
     2010/10/29 09:54:18.0734 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
     2010/10/29 09:54:19.0328 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
     2010/10/29 09:54:19.0859 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
     2010/10/29 09:54:20.0968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
     2010/10/29 09:54:21.0796 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
     2010/10/29 09:54:22.0890 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
     2010/10/29 09:54:23.0703 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
     2010/10/29 09:54:24.0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
     2010/10/29 09:54:28.0640 ================================================================================
     2010/10/29 09:54:28.0640 Scan finished
     2010/10/29 09:54:28.0640 ================================================================================

     Thanks again in advance for your instructions.
  4. Bonjour Thanos, Désolé pour le délai j'ai été pas mal occupé. J'ai refait le glisser-déposer sur Combofix, il a fait son scan, mais encore une fois le fichier ne s'est pas envoyé !? Dois-je quand même t'envoyer le "Qoobox" par MP ? Voici le log: ComboFix 10-10-23.02 - Client 2010-10-27 9:57.6.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.501.196 [GMT -4:00] Lancé depuis: d:\client\Mes documents\Téléchargements\ComboFix.exe Commutateurs utilisés :: d:\client\Mes documents\Téléchargements\CFScript.txt AV: Services de sécurité Vidéotron Antivirus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755} FW: Services de sécurité Vidéotron Coupe-feu *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22} * Un antivirus résident est actif . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . Une copie infectée de c:\windows\system32\kernel32.dll a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\ERDNT\cache\kernel32.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-27 au 2010-10-27 )))))))))))))))))))))))))))))))))))) . 2010-10-22 01:03 . 2010-10-22 01:05 -------- d-----w- C:\Rootrepeal 2010-10-15 13:31 . 2010-10-15 13:31 -------- d-----w- c:\documents and settings\Client\Application Data\Windows Search 2010-10-15 13:28 . 2010-10-19 00:58 -------- d-----w- c:\program files\trend micro 2010-10-15 13:28 . 2010-10-15 13:29 -------- d-----w- C:\rsit 2010-10-13 16:53 . 2010-10-13 16:53 -------- d-----w- c:\documents and settings\Client\Local Settings\Application Data\Mozilla 2010-10-13 16:30 . 2010-10-13 16:30 -------- d-----w- c:\documents and settings\Client\Application Data\Malwarebytes 2010-10-13 16:30 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-13 16:30 . 2010-10-13 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-10-13 16:30 . 
2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-13 16:30 . 2010-10-13 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-25 14:05 . 2010-10-25 14:05 108966 ----a-w- C:\Qoobox.zip 2010-09-01 12:32 . 2010-09-01 12:32 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys 2010-09-01 12:32 . 2010-09-01 12:32 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys 2010-08-10 09:15 . 2010-08-10 09:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-08-10 09:15 . 2010-08-10 09:15 69632 ----a-w- c:\windows\system32\QuickTime.qts . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "VideotronSA.exe"="c:\program files\Videotron\Videotron Service Agent\VideotronSA.exe" [2010-03-02 4281584] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All 
Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Camera Monitor HD.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Camera Monitor HD.lnk backup=c:\windows\pss\Camera Monitor HD.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 -c--a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
2008-09-19 04:00 87336 ----a-w- c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 02:17 52256 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 23:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 01:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WHITNEY_S2P]
2006-03-27 06:35 229376 ----a-w- c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Videotron\\Videotron Service Agent\\ServicepointService.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-09-01 25608]
R2 Gestionnaire de connexion de Simple Comptable;Gestionnaire de connexion de Simple Comptable;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [2009-10-15 16680]
R2 Radialpoint Security Services;Services de sécurité Vidéotron;c:\program files\Videotron\Services de sécurité Vidéotron\RpsSecurityAwareR.exe [2010-03-02 166944]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [2010-09-01 5832712]
R2 ServicepointService;ServicepointService;c:\program files\Videotron\Videotron Service Agent\ServicepointService.exe [2010-09-01 689392]
R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2009-06-03 3712]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2010-04-21 6016]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2010-09-01 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [2010-09-01 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2010-09-01 25736]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - CEF1CA69
*NewlyCreated* - F2F15B15
*Deregistered* - cef1ca69

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contenu du dossier 'Tâches planifiées'

2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:55]

2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:55]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Client\Application Data\Mozilla\Firefox\Profiles\xg8shacg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Videotron\Videotron Service Agent\nprpspa.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-27 10:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3820)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Videotron\Services de sécurité Vidéotron\Fws.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\Videotron\Videotron Service Agent\VideotronSAComHandler.exe
.
**************************************************************************
.
Heure de fin: 2010-10-27 10:26:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-27 14:26
ComboFix2.txt 2010-10-25 14:02
ComboFix3.txt 2010-10-24 22:12
ComboFix4.txt 2010-10-24 21:40
ComboFix5.txt 2010-10-27 13:54

Avant-CF: 7 594 639 360 octets libres
Après-CF: 7 589 318 656 octets libres

- - End Of File - - 30F399FDECB3C534A743351DF18D2DAB

I await your instructions!
  5. Hello Thanos, Here is the log:

ComboFix 10-10-23.02 - Client 2010-10-25 9:47.5.2 - x86
Lancé depuis: d:\client\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: d:\client\Mes documents\Téléchargements\CFScript.txt
AV: Services de sécurité Vidéotron Antivirus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Services de sécurité Vidéotron Coupe-feu *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
* Un antivirus résident est actif
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-25 au 2010-10-25 ))))))))))))))))))))))))))))))))))))
.
2010-10-22 01:03 . 2010-10-22 01:05 -------- d-----w- C:\Rootrepeal
2010-10-15 13:31 . 2010-10-15 13:31 -------- d-----w- c:\documents and settings\Client\Application Data\Windows Search
2010-10-15 13:28 . 2010-10-19 00:58 -------- d-----w- c:\program files\trend micro
2010-10-15 13:28 . 2010-10-15 13:29 -------- d-----w- C:\rsit
2010-10-13 16:53 . 2010-10-13 16:53 -------- d-----w- c:\documents and settings\Client\Local Settings\Application Data\Mozilla
2010-10-13 16:30 . 2010-10-13 16:30 -------- d-----w- c:\documents and settings\Client\Application Data\Malwarebytes
2010-10-13 16:30 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 16:30 . 2010-10-13 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-13 16:30 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 16:30 . 2010-10-13 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 12:32 . 2010-09-01 12:32 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2010-09-01 12:32 . 2010-09-01 12:32 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2010-08-10 09:15 . 2010-08-10 09:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15 . 2010-08-10 09:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
((((((((((((((((((((((((((((( SnapShot@2010-10-14_00.04.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 18:59 . 2007-08-09 18:59 106496 c:\windows\system32\myodbc3m.exe
+ 2007-08-09 18:59 . 2007-08-09 18:59 114688 c:\windows\system32\myodbc3i.exe
+ 2009-06-09 13:37 . 2010-10-21 18:41 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-06-09 13:37 . 2010-10-09 00:31 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-10-17 14:08 . 2010-10-17 14:08 188928 c:\windows\Installer\4c02a25.msi
+ 2007-08-09 18:59 . 2007-08-09 18:59 6660096 c:\windows\system32\myodbc3S.dll
+ 2007-08-09 18:59 . 2007-08-09 18:59 2179072 c:\windows\system32\myodbc3.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"VideotronSA.exe"="c:\program files\Videotron\Videotron Service Agent\VideotronSA.exe" [2010-03-02 4281584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Camera Monitor HD.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Camera Monitor HD.lnk
backup=c:\windows\pss\Camera Monitor HD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 -c--a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
2008-09-19 04:00 87336 ----a-w- c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 02:17 52256 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 23:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 01:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WHITNEY_S2P]
2006-03-27 06:35 229376 ----a-w- c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Videotron\\Videotron Service Agent\\ServicepointService.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-09-01 25608]
R2 Gestionnaire de connexion de Simple Comptable;Gestionnaire de connexion de Simple Comptable;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [2009-10-15 16680]
R2 Radialpoint Security Services;Services de sécurité Vidéotron;c:\program files\Videotron\Services de sécurité Vidéotron\RpsSecurityAwareR.exe [2010-03-02 166944]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [2010-09-01 5832712]
R2 ServicepointService;ServicepointService;c:\program files\Videotron\Videotron Service Agent\ServicepointService.exe [2010-09-01 689392]
R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2009-06-03 3712]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-03 173352]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2010-04-21 6016]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2010-09-01 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [2010-09-01 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2010-09-01 25736]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - 45D64E7B
*NewlyCreated* - 99AE80EA
*Deregistered* - 45d64e7b

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contenu du dossier 'Tâches planifiées'

2010-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:55]

2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:55]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Client\Application Data\Mozilla\Firefox\Profiles\xg8shacg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Videotron\Videotron Service Agent\nprpspa.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-25 09:58
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(1544)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2010-10-25 10:02:54
ComboFix-quarantined-files.txt 2010-10-25 14:02
ComboFix2.txt 2010-10-24 22:12
ComboFix3.txt 2010-10-24 21:40
ComboFix4.txt 2010-10-19 01:36
ComboFix5.txt 2010-10-25 13:44

Avant-CF: 7 638 151 168 octets libres
Après-CF: 7 617 425 408 octets libres

- - End Of File - - 9823D23A542BCFEB5FD2F3DF6CD499AD

As mentioned in the message I sent you, the upload of the file to the creator of Combofix did not go through!? Awaiting your instructions, thanks again. P.S. Excuse my doubts/ignorance, but are we making progress??
  6. Salut Thanos, Voici le log MBR: MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000007d Kernel Drivers (total 142): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E4000 \WINDOWS\system32\hal.dll 0xF8977000 \WINDOWS\system32\KDCOM.DLL 0xF8887000 \WINDOWS\system32\BOOTVID.dll 0xF8347000 ACPI.sys 0xF8979000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF8336000 pci.sys 0xF8477000 isapnp.sys 0xF8A3F000 pciide.sys 0xF86F7000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF8487000 MountMgr.sys 0xF8317000 ftdisk.sys 0xF897B000 dmload.sys 0xF82F1000 dmio.sys 0xF86FF000 PartMgr.sys 0xF8497000 VolSnap.sys 0xF82D9000 atapi.sys 0xF84A7000 disk.sys 0xF84B7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF82B9000 fltMgr.sys 0xF82A7000 sr.sys 0xF8262000 bdfsfltr.sys 0xF84C7000 PxHelp20.sys 0xF8243000 symsnap.sys 0xF822C000 KSecDD.sys 0xF8219000 WudfPf.sys 0xF818C000 Ntfs.sys 0xF815F000 NDIS.sys 0xF84D7000 AVGIDSEH.sys 0xF8145000 Mup.sys 0xF8697000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF6C21000 \SystemRoot\system32\DRIVERS\igxpmp32.sys 0xF6C0D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF6BE5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xF6BA8000 \SystemRoot\system32\DRIVERS\e1e5132.sys 0xF8797000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF6B84000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF879F000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF86A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF87A7000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF87AF000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF87B7000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF6B73000 \SystemRoot\system32\DRIVERS\serial.sys 0xF80D0000 \SystemRoot\system32\DRIVERS\serenum.sys 0xF6B5F000 \SystemRoot\system32\DRIVERS\parport.sys 0xF87BF000 \SystemRoot\system32\DRIVERS\tpm.sys 0xF86B7000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF86C7000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF793F000 
\SystemRoot\system32\DRIVERS\redbook.sys 0xF6B3C000 \SystemRoot\system32\DRIVERS\ks.sys 0xF87C7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xF89AB000 \SystemRoot\system32\DRIVERS\vncdrv.sys 0xF8B33000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF792F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF80C4000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF6B25000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF791F000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF790F000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF87DF000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF6B14000 \SystemRoot\system32\DRIVERS\psched.sys 0xF78FF000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF87E7000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF87EF000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF78EF000 \SystemRoot\system32\DRIVERS\rp_skt32.sys 0xF61A5000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xF8507000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF8517000 \SystemRoot\system32\DRIVERS\rp_pkt32.sys 0xF89BF000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF608A000 \SystemRoot\system32\DRIVERS\update.sys 0xF7A58000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF8567000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xAA775000 \SystemRoot\system32\drivers\ADIHdAud.sys 0xAA751000 \SystemRoot\system32\drivers\portcls.sys 0xF8597000 \SystemRoot\system32\drivers\drmk.sys 0xF85E7000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF89D9000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF873F000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF89E1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF8657000 \SystemRoot\system32\DRIVERS\DcCam.sys 0xA9C06000 \SystemRoot\system32\DRIVERS\EXPORTIT.SYS 0xF8ACD000 \SystemRoot\System32\Drivers\Null.SYS 0xF89E5000 \SystemRoot\System32\Drivers\Beep.SYS 0xF878F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF87D7000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xF87F7000 \SystemRoot\System32\drivers\vga.sys 0xF89E9000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF89EB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF87FF000 
\SystemRoot\System32\Drivers\Msfs.SYS 0xF8807000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF5EDC000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA9B52000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA9AF9000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xA9AD1000 \SystemRoot\system32\DRIVERS\netbt.sys 0xA9AAB000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xA9A89000 \SystemRoot\System32\drivers\afd.sys 0xF8677000 \SystemRoot\system32\DRIVERS\netbios.sys 0xA9A5E000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xA99EE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF8687000 \SystemRoot\System32\Drivers\Fips.SYS 0xF6195000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xAA170000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xF7A60000 \SystemRoot\system32\DRIVERS\usbscan.sys 0xF8747000 \SystemRoot\system32\DRIVERS\usbprint.sys 0xA833B000 \SystemRoot\system32\DRIVERS\lvuvc.sys 0xAA0F8000 \SystemRoot\system32\drivers\usbaudio.sys 0xA7B94000 \SystemRoot\system32\DRIVERS\lvrs.sys 0xA1373000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xA135B000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF89DB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xA3D4D000 \SystemRoot\System32\drivers\Dxapi.sys 0xA3C65000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF8B97000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF024000 \SystemRoot\System32\igxpgd32.dll 0xBF012000 \SystemRoot\System32\igxprd32.dll 0xBF04E000 \SystemRoot\System32\igxpdv32.DLL 0xBF1CC000 \SystemRoot\System32\igxpdx32.DLL 0xBF43A000 \SystemRoot\System32\vnchelp.dll 0xA9976000 \SystemRoot\system32\drivers\dcfs2k.sys 0xA1346000 \SystemRoot\System32\Drivers\DefragFS.SYS 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xA7E5B000 \??\C:\WINDOWS\system32\socketlock.sys 0xA133E000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xF883F000 \??\C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys 0xA9966000 \??\C:\Program Files\Videotron\Services de 
sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys
0xA122E000 \??\C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys
0xA1179000 \SystemRoot\system32\drivers\wdmaud.sys
0xF6175000 \SystemRoot\system32\drivers\sysaudio.sys
0xA1006000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA1549000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF78AF000 \SystemRoot\System32\Drivers\DgiVecp.sys
0xA0F64000 \SystemRoot\system32\DRIVERS\srv.sys
0xF89F1000 \SystemRoot\System32\Drivers\vnccom.SYS
0xA49B9000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xA0C6C000 \??\C:\Program Files\Videotron\Services de sécurité Vidéotron\BitDefender\profos.sys
0xA0CF4000 \??\C:\Program Files\Videotron\Services de sécurité Vidéotron\BitDefender\trufos.sys
0xA0B50000 \SystemRoot\System32\Drivers\45d64e7b.sys
0xF6125000 \SystemRoot\system32\drivers\de4303fb.sys
0xF8527000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9F93A000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
892 C:\WINDOWS\system32\smss.exe
952 csrss.exe
976 C:\WINDOWS\system32\winlogon.exe
1020 C:\WINDOWS\system32\services.exe
1032 C:\WINDOWS\system32\lsass.exe
1212 C:\WINDOWS\system32\svchost.exe
1296 svchost.exe
1436 C:\WINDOWS\system32\svchost.exe
1480 C:\WINDOWS\system32\svchost.exe
1588 C:\Program Files\Videotron\Services de sécurité Vidéotron\Fws.exe
1764 C:\WINDOWS\explorer.exe
1976 svchost.exe
284 svchost.exe
352 C:\WINDOWS\system32\spoolsv.exe
500 C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
248 svchost.exe
440 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
524 C:\Program Files\Bonjour\mDNSResponder.exe
580 C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
1456 C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
1960 C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
684 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
716 C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
808 C:\WINDOWS\system32\svchost.exe
796 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
1636 C:\WINDOWS\system32\searchindexer.exe
2052 C:\Program Files\TeamViewer\Version5\TeamViewer.exe
2092 C:\WINDOWS\system32\wscntfy.exe
2304 C:\Program Files\Canon\CAL\CALMAIN.exe
2908 alg.exe
3064 C:\WINDOWS\system32\igfxtray.exe
3084 C:\WINDOWS\system32\hkcmd.exe
3096 C:\WINDOWS\system32\igfxpers.exe
3108 C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe
3148 C:\Program Files\QuickTime\QTTask.exe
3204 C:\WINDOWS\system32\ctfmon.exe
3864 C:\Program Files\Videotron\Videotron Service Agent\VideotronSAComHandler.exe
4072 wmiprvse.exe
1708 D:\Client\Mes documents\Téléchargements\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`c3dcd400 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HDS728080PLA38040Y9028LEN, Rev: PF2OA65A
PhysicalDrive1 Model Number: WD2500BMV External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 8637A6CD1F8DC55758E12C0B860CDE1133CA5719
232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: CE7DBBBEE43059700485C7835F4E1ED6D2FADB1C

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!

I didn't know what to do with that, so I preferred to exit... As for the file in "Drivers", I did check that hidden files and folders were being displayed, but it makes no difference: I don't have that file! Talk soon, and thanks.
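The MBRCheck output above reads sector 0 of each physical drive, hashes the boot code and compares the hash against the tool's list of known boot sectors; the hash for PhysicalDrive1 matched nothing it knows, hence "Unknown MBR code". The following Python script is an added example for readers of this thread, not MBRCheck's code and not anything posted by the participants: it parses a 512-byte sector, hashes the 440-byte boot code region (an assumption about which bytes MBRCheck hashes), checks the 0x55AA signature, decodes the partition table, and looks the hash up in a caller-supplied allow-list. The sample sector, the allow-list labels and the `read_physical_mbr` helper are constructed placeholders; real known-good hashes have to come from a trusted reference, not from this script.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # assumption: the hashed region is the classic 440-byte boot code
DISK_SIG_OFFSET = 440        # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446      # four 16-byte partition entries
PART_ENTRY_LEN = 16
SECTOR_BYTES = 512


def boot_code_sha1(mbr: bytes) -> str:
    """Upper-case hex SHA-1 of the boot code region (the form MBRCheck prints)."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_mbr(mbr: bytes) -> dict:
    """Decode the 0x55AA signature, the disk signature and the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue                       # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_BYTES,   # what MBRCheck shows as "at offset"
            "sector_count": count,
        })
    return {
        "boot_code_sha1": boot_code_sha1(mbr),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        "valid_signature": mbr[510:512] == b"\x55\xaa",
        "partitions": partitions,
    }


def classify_mbr(mbr: bytes, known_good: dict) -> str:
    """Return the allow-list label for the boot code hash, or report it unknown.
    known_good maps upper-case SHA-1 hex to a label; it is the caller's trusted
    reference, nothing in this script vouches for any particular hash."""
    info = parse_mbr(mbr)
    if not info["valid_signature"]:
        return "Invalid MBR: missing 0x55AA signature"
    return known_good.get(info["boot_code_sha1"], "Unknown MBR code")


def read_physical_mbr(device: str) -> bytes:
    """Sector 0 of a raw device: r'\\.\PhysicalDrive1' on Windows (Administrator)
    or '/dev/sdb' on Linux (root). Never called by default; hypothetical helper."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed sample sector, not a dump of any real disk: a few bytes of stub
    boot code, a disk signature, and one bootable NTFS (0x07) partition starting at
    LBA 63, i.e. byte offset 0x7E00 like the C: volume in the MBRCheck log."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x00" * (BOOT_CODE_LEN - 9)
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 0x9C3DCD)
    table = entry0 + b"\x00" * (PART_ENTRY_LEN * 3)
    return boot_code + disk_sig + table + b"\x55\xaa"


def flip_byte(sector: bytes, offset: int) -> bytes:
    """Copy of the sector with one byte inverted (simulates modified boot code)."""
    buf = bytearray(sector)
    buf[offset] ^= 0xFF
    return bytes(buf)


SAMPLE_MBR = build_sample_mbr()
# Same sector with one boot-code byte changed: the partition table is untouched, so the
# volumes still mount and boot, but the hash no longer matches the allow-list.
TAMPERED_MBR = flip_byte(SAMPLE_MBR, 0x10)

if __name__ == "__main__":
    trusted = {boot_code_sha1(SAMPLE_MBR): "sample boot code (constructed)"}
    for name, sector in (("sample", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(sector)
        print(f"{name}: SHA1 {info['boot_code_sha1']} -> {classify_mbr(sector, trusted)}")
        for p in info["partitions"]:
            print(f"  partition {p['index']}: type 0x{p['type']:02x} at offset 0x{p['byte_offset']:x}"
                  f" ({p['sector_count']} sectors, bootable={p['bootable']})")
```

Two caveats a practitioner would apply to the thread's output: an "Unknown" verdict only says the hash is absent from the tool's list, and on its own does not distinguish a boot sector written by a vendor utility from a tampered one, so dump the sector (MBRCheck's option 1) and keep the copy before restoring anything; and the 74 GB drive's partition table should be recorded too, because a restore of "standard boot code" must leave the 64-byte table intact.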
  7. Hello Thanos, That one worked very well, so here it is:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/10/21 21:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 068d9605.sys
Image Path: C:\WINDOWS\system32\drivers\068d9605.sys
Address: 0xA0D87000
Size: 38624
File Visible: No
Signed: -
Status: -

Name: 0bf89c04.sys
Image Path: C:\WINDOWS\System32\Drivers\0bf89c04.sys
Address: 0xA0646000
Size: 143744
File Visible: No
Signed: -
Status: -

Name: 84d21f1d.sys
Image Path: C:\WINDOWS\System32\Drivers\84d21f1d.sys
Address: 0xA066A000
Size: 574976
File Visible: No
Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA1333000
Size: 98304
File Visible: No
Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF89EB000
Size: 8192
File Visible: No
Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA05FE000
Size: 49152
File Visible: No
Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\all users\application data\videotron\services de sécurité vidéotron\logs\bde-log-wednesday october-20-10 14.28.26.txt
Status: Allocation size mismatch (API: 8192, Raw: 4096)
Path: Volume F:\
Status: MBR Rootkit Detected!
Path: F:\FOUND.000
Status: Visible to the Windows API, but not on disk.
Path: F:\logitiel
Status: Visible to the Windows API, but not on disk.
Path: F:\photo
Status: Visible to the Windows API, but not on disk.
Path: F:\punta cana '09
Status: Visible to the Windows API, but not on disk.
Path: F:\a5270f7fc77b0f528e8e8583a973
Status: Visible to the Windows API, but not on disk.
Path: F:\Médaille 1-06-09
Status: Visible to the Windows API, but not on disk.
Path: F:\BUREAU ancien
Status: Visible to the Windows API, but not on disk.
Path: F:\Simple Comptable Premier Niveau 2009
Status: Visible to the Windows API, but not on disk.
Path: F:\Ville Chicoutimi
Status: Visible to the Windows API, but not on disk.
Path: F:\Miniature '09
Status: Visible to the Windows API, but not on disk.
Path: F:\murale ciment 3.02.10
Status: Visible to the Windows API, but not on disk.
Path: F:\François et Mexicain
Status: Visible to the Windows API, but not on disk.
Path: F:\photos KodaK 2-11-09
Status: Visible to the Windows API, but not on disk.
Path: F:\sculptures 090bibelot
Status: Visible to the Windows API, but not on disk.
Path: F:\Vol sculpture
Status: Visible to the Windows API, but not on disk.
Path: F:\Léo-Laurent
Status: Visible to the Windows API, but not on disk.
Path: F:\Galerie Buade
Status: Visible to the Windows API, but not on disk.
Path: F:\SYMPOSIUM 23.04.10
Status: Visible to the Windows API, but not on disk.
Path: F:\P Site Germain
Status: Visible to the Windows API, but not on disk.
Path: F:\2009-08-09 festival de jazz
Status: Visible to the Windows API, but not on disk.
Path: F:\System Volume Information
Status: Visible to the Windows API, but not on disk.
Path: F:\Bedaine,buste etaffiches
Status: Visible to the Windows API, but not on disk.
Path: F:\Germain,mairesse,Blaney
Status: Visible to the Windows API, but not on disk.
Path: F:\100_2595.jpg
Status: Visible to the Windows API, but not on disk.
Path: F:\Jardin sculpture 06-09
Status: Visible to the Windows API, but not on disk.
Path: F:\sculptures «Impro» 08
Status: Visible to the Windows API, but not on disk.
Path: F:\La mère et ...vidéo
Status: Visible to the Windows API, but not on disk.
Path: F:\Buade catalogue
Status: Visible to the Windows API, but not on disk.
Path: F:\Cancer '09
Status: Visible to the Windows API, but not on disk.
Path: F:\Carte bedaine 2009
Status: Visible to the Windows API, but not on disk.
Path: F:\Certificat authenticité
Status: Visible to the Windows API, but not on disk.
Path: F:\Liste d'envoie
Status: Visible to the Windows API, but not on disk.
Path: F:\Médailles-nids traitées
Status: Visible to the Windows API, but not on disk.
Path: F:\Mélissa buste
Status: Visible to the Windows API, but not on disk.
Path: F:\Salle de bain essaie
Status: Visible to the Windows API, but not on disk.
Path: F:\6a7a890b54ed3e68475ac9
Status: Visible to the Windows API, but not on disk.
Path: F:\Recycled
Status: Visible to the Windows API, but not on disk.
Path: F:\soliste terrain
Status: Visible to the Windows API, but not on disk.
Path: F:\affiche hiver 2010 B.pdf
Status: Visible to the Windows API, but not on disk.
Path: F:\affiche hiver 2010 B.psd
Status: Visible to the Windows API, but not on disk.
Path: F:\Atelier à louer.pdf.psd.pdf
Status: Visible to the Windows API, but not on disk.
Path: F:\ce n'est pas un paysage féminin.jpg
Status: Visible to the Windows API, but not on disk.
Path: F:\enseig atelier, sege-her.jpg
Status: Visible to the Windows API, but not on disk.
Path: F:\Municipalité de Stoneham.docx
Status: Visible to the Windows API, but not on disk.
Path: F:\ǹ
Status: Visible to the Windows API, but not on disk.
Path: F:\ «APP.ÂT~
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys" at address 0xa4992470

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys" at address 0xa4992520

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys" at address 0xa49925c0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys" at address 0xa4992660

==EOF==

Thanks again, I'm waiting for your instructions for the next step!
  8. Hello Thanos, I hadn't thought of hidden files (oops!), but even so I still can't find the file in question. A mystery... And as for the other operation (GMER), I tried twice without success (the computer crashed both times), so I can't provide you with the log. Thank you in advance if there is anything else I can try to fix the problem, but as already mentioned, I think I'm going to try changing antivirus to see what that gives. THANKS!
  9. Thanks Thanos, I had to run ComboFix again because I didn't have the log. Here is the new log:

ComboFix 10-10-18.01 - Client 2010-10-18 21:18:18.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.501.70 [GMT -4:00]
Launched from: d:\client\Mes documents\Téléchargements\ComboFix.exe
AV: Services de sécurité Vidéotron Antivirus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Services de sécurité Vidéotron Coupe-feu *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
* A resident antivirus is active
.
((((((((((((((((((((((((((((( Files created from 2010-09-19 to 2010-10-19 ))))))))))))))))))))))))))))))))))))
.
2010-10-15 13:31 . 2010-10-15 13:31 -------- d-----w- c:\documents and settings\Client\Application Data\Windows Search
2010-10-15 13:28 . 2010-10-19 00:58 -------- d-----w- c:\program files\trend micro
2010-10-15 13:28 . 2010-10-15 13:29 -------- d-----w- C:\rsit
2010-10-13 16:53 . 2010-10-13 16:53 -------- d-----w- c:\documents and settings\Client\Local Settings\Application Data\Mozilla
2010-10-13 16:30 . 2010-10-13 16:30 -------- d-----w- c:\documents and settings\Client\Application Data\Malwarebytes
2010-10-13 16:30 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 16:30 . 2010-10-13 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-13 16:30 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 16:30 . 2010-10-13 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((( SnapShot@2010-10-14_00.04.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 18:59 . 2007-08-09 18:59 106496 c:\windows\system32\myodbc3m.exe
+ 2007-08-09 18:59 . 2007-08-09 18:59 114688 c:\windows\system32\myodbc3i.exe
+ 2010-10-17 14:08 . 2010-10-17 14:08 188928 c:\windows\Installer\4c02a25.msi
+ 2007-08-09 18:59 . 2007-08-09 18:59 6660096 c:\windows\system32\myodbc3S.dll
+ 2007-08-09 18:59 . 2007-08-09 18:59 2179072 c:\windows\system32\myodbc3.dll
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"VideotronSA.exe"="c:\program files\Videotron\Videotron Service Agent\VideotronSA.exe" [2010-03-02 4281584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Camera Monitor HD.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Camera Monitor HD.lnk
backup=c:\windows\pss\Camera Monitor HD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 -c--a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
2008-09-19 04:00 87336 ----a-w- c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 02:17 52256 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 23:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 01:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WHITNEY_S2P]
2006-03-27 06:35 229376 ----a-w- c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Videotron\\Videotron Service Agent\\ServicepointService.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-09-01 25608]
R2 Gestionnaire de connexion de Simple Comptable;Gestionnaire de connexion de Simple Comptable;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [2009-10-15 16680]
R2 Radialpoint Security Services;Services de sécurité Vidéotron;c:\program files\Videotron\Services de sécurité Vidéotron\RpsSecurityAwareR.exe [2010-03-02 166944]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [2010-09-01 5832712]
R2 ServicepointService;ServicepointService;c:\program files\Videotron\Videotron Service Agent\ServicepointService.exe [2010-09-01 689392]
R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2009-06-03 3712]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-03 173352]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2010-04-21 6016]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2010-09-01 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [2010-09-01 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2010-09-01 25736]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

--- Other services/drivers in memory ---
*NewlyCreated* - 112DACBE
*NewlyCreated* - F82AC10A
*Deregistered* - 112dacbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:55]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:55]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Client\Application Data\Mozilla\Firefox\Profiles\xg8shacg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Videotron\Videotron Service Agent\nprpspa.dll

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'explorer.exe'(3908)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
Completion time: 2010-10-18 21:36:53
ComboFix-quarantined-files.txt 2010-10-19 01:36
ComboFix2.txt 2010-10-14 00:10

Pre-run: 7,391,887,360 bytes free
Post-run: 7,499,419,648 bytes free

- - End Of File - - 6D1AE8ECF97F6185F86A8ACF22C90620

As for the file mentioned (in system32/drivers), I'm sorry, I absolutely cannot find it; it isn't there, I swear! And indeed, Vidéotron is an antivirus installed by the internet provider, an antivirus with several services: proactive protection, firewall, anti-spyware, fraud protection. That's why I wonder whether it isn't what is making the computer lag so much. I await your reply, and I think I'm going to get rid of it for something more efficient and lighter. Thanks once again!
  10. Hello again, Excuse my ignorance; on reflection I found the location from the log I sent earlier. So here is the result of the analysis of the file: RpsSecurityAwareR.exe

Submission date: 2010-10-16 15:03:35 (UTC)
Current status: finished
Result: 0/43 (0.0%)
VT Community: not reviewed
Safety score: -

Antivirus Version Last Update Result
AhnLab-V3 2010.10.16.00 2010.10.15 -
AntiVir 7.10.12.230 2010.10.16 -
Antiy-AVL 2.0.3.7 2010.10.16 -
Authentium 5.2.0.5 2010.10.16 -
Avast 4.8.1351.0 2010.10.16 -
Avast5 5.0.594.0 2010.10.16 -
AVG 9.0.0.851 2010.10.16 -
BitDefender 7.2 2010.10.16 -
CAT-QuickHeal 11.00 2010.10.15 -
ClamAV 0.96.2.0-git 2010.10.15 -
Comodo 6405 2010.10.16 -
DrWeb 5.0.2.03300 2010.10.16 -
Emsisoft 5.0.0.50 2010.10.16 -
eSafe 7.0.17.0 2010.10.14 -
eTrust-Vet 36.1.7914 2010.10.15 -
F-Prot 4.6.2.117 2010.10.16 -
F-Secure 9.0.16160.0 2010.10.16 -
Fortinet 4.2.249.0 2010.10.16 -
GData 21 2010.10.16 -
Ikarus T3.1.1.90.0 2010.10.16 -
Jiangmin 13.0.900 2010.10.16 -
K7AntiVirus 9.66.2760 2010.10.15 -
Kaspersky 7.0.0.125 2010.10.16 -
McAfee 5.400.0.1158 2010.10.16 -
McAfee-GW-Edition 2010.1C 2010.10.16 -
Microsoft 1.6201 2010.10.16 -
NOD32 5536 2010.10.16 -
Norman 6.06.07 2010.10.16 -
nProtect 2010-10-16.01 2010.10.16 -
Panda 10.0.2.7 2010.10.15 -
PCTools 7.0.3.5 2010.10.16 -
Prevx 3.0 2010.10.16 -
Rising 22.69.04.03 2010.10.15 -
Sophos 4.58.0 2010.10.16 -
Sunbelt 7072 2010.10.16 -
SUPERAntiSpyware 4.40.0.1006 2010.10.16 -
Symantec 20101.2.0.161 2010.10.16 -
TheHacker 6.7.0.1.058 2010.10.16 -
TrendMicro 9.120.0.1004 2010.10.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.16 -
VBA32 3.12.14.1 2010.10.15 -
ViRobot 2010.9.25.4060 2010.10.16 -
VirusBuster 12.69.2.0 2010.10.16 -

Additional information
MD5 : 6fffaf449edabed5ae970e154013f934
SHA1 : 9c02a7d13864774bc6f6878bb4ca0989495b293d
SHA256: 1923992d1f5234e45985fa67a2e93f153dbea97e3efd9d95dd7a17a4aad0e236
ssdeep: 3072:ZbKW2gRi8WflCfQNuvQcx7viYq0Wk+Uq8PJAp8NRQoYnFL3bOTPCoWHOxs2:cgPyCcuvRzW9NWGp8NOPFzbOTKoWQP
File size : 166944 bytes
First seen: 2010-04-20 01:59:20
Last seen : 2010-10-16 15:03:35

TrID:
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:
publisher....: Vid_otron
copyright....: Copyright © 2002-2010 Radialpoint.
product......: Services de s_curit_ Vid_otron
description..: Radialpoint 9.0.44
original name: RpsSecurityAwareR.exe
internal name: Radialpoint Client
file version.: 9.0.44.43458
comments.....:
signers......: Radialpoint
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 10:12 PM 3/2/2010
verified.....: -

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x114A0
timedatestamp....: 0x4B8D6577 (Tue Mar 02 19:22:31 2010)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x11EEF, 0x12000, 6.46, a68650020d61525bc1aa04e56a1e282d
.rdata, 0x13000, 0xAC74, 0xAE00, 5.05, 9a34e899872269d355d373dd02529fb5
.data, 0x1E000, 0x3A88, 0x3400, 5.06, 5d5c1411617f557fedecb7d1851b067e
.rsrc, 0x22000, 0x3588, 0x3600, 4.73, 058309e92ab1981f58f82b527efef040
.reloc, 0x26000, 0x31A4, 0x3200, 5.78, 4cb9658b14c82294b62b501342b23de1

[[ 13 import(s) ]]
CLBR.DLL: _DeleteAllValues@IZkRegistry@@SA_NPAUHKEY__@@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@@Z, _DeleteAllChildKeys@IZkRegistry@@SA_NPAUHKEY__@@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@@Z, _DoesMachineValueExist@IZkRegistry@@SA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@0@Z, _DeleteKeyValue@IZkRegistry@@SA_NPAUHKEY__@@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@1@Z, _HandleFatalCrtParameterErrorGeneric@ExceptionFilter@@SAXPB_W00II@Z, _SetStringChecked@IZkRegistry@@SAKPAUHKEY__@@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@11@Z, _SetValue@IZkRegistry@@SAKPAUHKEY__@@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@1KPBEK@Z, _ImportRegKey@IZkRegistry@@SAKPAUHKEY__@@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@1@Z, _connect@ZkSubject@@QAGXPAVZkObserver@@@Z, _ExportRegKey@IZkRegistry@@SAKPAUHKEY__@@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@1@Z, _AddPriv@ZKS@@YA_NKABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@@Z, _KillProcess@ZKS@@YA_NABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _KillProcess@ZKS@@YA_NK@Z, _GetProcessExeFileNameW@ZKS@@YA_NKAAV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _CreateProcessInSession@ZKS@@YA_AU_$pair@KV_$shared_ptr@U_PROCESS_INFORMATION@@@boost@@@std@@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@3@KK@Z, __0DisableFSRedirectionGuard@ZKS@@QAE@XZ, __1DisableFSRedirectionGuard@ZKS@@QAE@XZ, _SetSystemTime@ZKS@@YA_NK@Z, _ShowMsg@IZkConsoleMsg@@SAXW4ConsImage@@IZZ, _ShowMsg@IZkConsoleMsg@@SAXIZZ, _WStringToString@ZKS@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@ABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@3@@Z, _TestGlobalMutex@ZkAppState@@YA_NPBD@Z, _WaitTimeOut@ZkEvent@@QAE_NK@Z, __0ZkEvent@@QAE@_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@@Z, __1ZkEvent@@QAE@XZ, _SetEvent@ZkEvent@@QAE_NXZ, _PerformAsync@Asynchronous@@YA_AV_$shared_ptr@PAX@boost@@ABV_$function0@X@3@@Z, _OpenGlobalMutex@ZkAppState@@YAPAX_NPBD@Z, _MakeHandlePtr@ZKS@@YA_AV_$shared_ptr@PAX@boost@@PAX@Z, _StringToWString@ZKS@@YA_AV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@3@@Z, _ResetROFlag@IZkFileHelp@@SA_NABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _DeleteLsp@IZkFileHelp@@SA_NPAU_GUID@@@Z, _WriteBinaryFile@IZkFileHelp@@SA_NPB_WPBEI0@Z, _BinDataToHexString@ZKS@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@PBEI@Z, _GetFileSizeW@IZkFileHelp@@SA_KABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _FileExistsW@IZkFileHelp@@SA_NABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _CreateDirectoryW@IZkFileHelp@@SAXABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _disallow_everyone_access_to_folderW@ZkSecurityHelper@@SA_NABV_$basic_string@_WUci_char_traitsw@ZKS@@V_$allocator@_W@std@@@std@@@Z, _allow_everyone_access_to_folderW@ZkSecurityHelper@@SA_NABV_$basic_string@_WUci_char_traitsw@ZKS@@V_$allocator@_W@std@@@std@@@Z, _FileRestoreEncrypted@IZkFileHelp@@SA_NABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@0@Z, _FileRestore@IZkFileHelp@@SA_NABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@0@Z, _FileBackup@IZkFileHelp@@SA_NABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@0@Z, _IsFileMarkedToBeDeletedAtRebootInRegistry@IZkRegistry@@SA_NABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _RemoveFileToBeDeletedAfterRebootFromRegistry@IZkRegistry@@SAXABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _DeleteFileAfterRebootIfnotProtected@IZkFileHelp@@SA_NABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _DeleteFileA@IZkFileHelp@@SA_NABV_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@@Z, _disconnect@ZkSubject@@QAGXPAVZkObserver@@@Z, __1IZkConsoleMsg@@UAE@XZ, _m_instance@ZkSingletonIZkConsoleMsg@@0PAVIZkConsoleMsg@@A, __0IZkConsoleMsg@@QAE@XZ, __0ZkObserver@@QAE@XZ, __1ZkObserver@@UAE@XZ, __0AutoMarshalDispatch@@QAE@PAUIUnknown@@@Z, _HandleFatalExceptionGeneric@ExceptionFilter@@SGJPAU_EXCEPTION_POINTERS@@@Z
CRYPT32.dll: CryptUnprotectData, CryptProtectData
KERNEL32.dll: QueryPerformanceCounter, IsDebuggerPresent, UnhandledExceptionFilter, GetStartupInfoA, InterlockedCompareExchange, GetProcessHeap, HeapAlloc, HeapDestroy, GetThreadLocale, GetLocaleInfoA, GetACP, GetVersionExA, HeapFree, HeapSize, GetSystemTimeAsFileTime, HeapReAlloc, InterlockedExchange, CreateThread, CreateEventA, GetCommandLineA, SetUnhandledExceptionFilter, TerminateProcess, GetCurrentThread, GetCurrentProcess, GetCurrentThreadId, SetEvent, GetExitCodeProcess, Sleep, GetTickCount, LocalFree, GetCurrentProcessId, WaitForSingleObject, GetBinaryTypeW, FreeLibrary, CloseHandle, ReadFile, GetFileSize, CopyFileW, CreateFileW, IsDBCSLeadByte, InterlockedDecrement, InterlockedIncrement, GetModuleHandleA, lstrcmpiA, RaiseException, lstrlenA, MultiByteToWideChar, lstrlenW, LeaveCriticalSection, GetLastError, EnterCriticalSection, FindResourceA, SizeofResource, LockResource, LoadResource, InitializeCriticalSection, WideCharToMultiByte, FindResourceExA, DeleteCriticalSection, GetModuleFileNameA
USER32.dll: PostThreadMessageA, MessageBoxA, DispatchMessageA, TranslateMessage, CharUpperA, CharNextA, GetMessageA, LoadStringA, UnregisterClassA
ADVAPI32.dll: RegSetValueExA, RegDeleteKeyA, RegEnumKeyExA, RegCreateKeyExA, RegCloseKey, RegOpenKeyExA, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, FileEncryptionStatusW, CryptAcquireContextA, OpenServiceA, QueryServiceStatus, ControlService, StartServiceA, ChangeServiceConfigA, OpenSCManagerA, CloseServiceHandle, SetServiceStatus, GetLengthSid, StartServiceCtrlDispatcherA, IsValidSid, CreateServiceA, SetSecurityDescriptorOwner, DeleteService, SetSecurityDescriptorGroup, OpenProcessToken, RegisterServiceCtrlHandlerA, OpenThreadToken, RegisterEventSourceA, ReportEventA, DeregisterEventSource, InitializeSecurityDescriptor, CopySid, RegDeleteValueA, GetTokenInformation, RegQueryValueExA
SHELL32.dll: SHGetFileInfoA
ole32.dll: CoInitializeSecurity, CoResumeClassObjects, CoSuspendClassObjects, CoInitialize, CoUninitialize, CLSIDFromProgID, CLSIDFromString, OleRun, CoCreateInstance, StringFromCLSID, CoTaskMemFree, CoCreateFreeThreadedMarshaler, CoInitializeEx
OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -
ATL80.DLL: -, -, -, -, -, -, -, -, -, -, -
MSVCP80.dll: _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, __0_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAE@XZ, __0_$basic_ios@DU_$char_traits@D@std@@@std@@IAE@XZ, _allocate@_$allocator@D@std@@QAEPADIPBX@Z, __0_Lockit@std@@QAE@H@Z, _sputn@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHPBDH@Z, __0_$basic_ostream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, _setstate@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, _begin@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV_$_String_const_iterator@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, _end@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV_$_String_const_iterator@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, _copy@_$char_traits@D@std@@SAPADPADPBDI@Z, _sputc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHD@Z, _length@_$char_traits@D@std@@SAIPBD@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __Copy_s@_$char_traits@_W@std@@SAPA_WPA_WIPB_WI@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAE@PB_W@Z, __Move_s@_$char_traits@_W@std@@SAPA_WPA_WIPB_WI@Z, _deallocate@_$allocator@_W@std@@QAEXPA_WI@Z, __Xran@_String_base@std@@SAXXZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __Xlen@_String_base@std@@SAXXZ, __1_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAE@XZ, _allocate@_$allocator@_W@std@@QAEPA_WI@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __1_Lockit@std@@QAE@XZ, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, __Getcat@_$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, _id@_$ctype@D@std@@2V0locale@2@A, __Bid@locale@std@@QAEIXZ, __1_$basic_streambuf@DU_$char_traits@D@std@@@std@@UAE@XZ, __Lock@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEXXZ, _widen@_$ctype@D@std@@QBEDD@Z, _resize@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXI@Z, _imbue@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z, _narrow@_$ctype@D@std@@QBEDDD@Z, __$_HDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBDABV10@@Z, ___7_$basic_ostream@DU_$char_traits@D@std@@@std@@6B@, _sync@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHXZ, __Getfacet@locale@std@@QBEPBVfacet@12@I@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _setbuf@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEPAV12@PADH@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@K@Z, __1_$basic_ios@DU_$char_traits@D@std@@@std@@UAE@XZ, _flush@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV12@XZ, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@V_$_String_const_iterator@DU_$char_traits@D@std@@V_$allocator@D@2@@2@0@Z, _xsputn@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHPBDH@Z, __Osfx@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEXXZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDI@Z, _deallocate@_$allocator@D@std@@QAEXPADI@Z, __1locale@std@@QAE@XZ, _uncaught_exception@std@@YA_NXZ, _clear@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, __Xsgetn_s@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHPADIH@Z,
_reserve@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXI@Z, _widen@_$basic_ios@DU_$char_traits@D@std@@@std@@QBEDD@Z, _xsgetn@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHPADH@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __Unlock@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEXXZ, _uflow@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHXZ, __Incref@facet@locale@std@@QAEXXZ, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, __4locale@std@@QAEAAV01@ABV01@@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __0_$basic_streambuf@DU_$char_traits@D@std@@@std@@IAE@XZ, __0locale@std@@QAE@XZ, _showmanyc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHXZ, __Register@facet@locale@std@@QAEXXZ, _imbue@_$basic_ios@DU_$char_traits@D@std@@@std@@QAE_AVlocale@2@ABV32@@Z, _exceptions@ios_base@std@@QAEXH@Z MSVCR80.dll: _ltoa_s, _controlfp_s, _invoke_watson, __type_info_dtor_internal_method@type_info@@QAEXXZ, _crt_debugger_hook, _except_handler4_common, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _configthreadlocale, _initterm_e, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _amsg_exit, _decode_pointer, _onexit, _lock, _encode_pointer, __dllonexit, _unlock, _terminate@@YAXXZ, _CxxThrowException, __CxxFrameHandler3, __3@YAXPAX@Z, strcpy_s, memcpy_s, __2@YAPAXI@Z, ___V@YAXPAX@Z, calloc, memcmp, memset, free, _resetstkoflw, __RTDynamicCast, _mbsnbcpy_s, _purecall, wcslen, malloc, _recalloc, __0exception@std@@QAE@ABQBD@Z, __0exception@std@@QAE@XZ, _what@exception@std@@UBEPBDXZ, __1exception@std@@UAE@XZ, __0exception@std@@QAE@ABV01@@Z, _invalid_parameter_noinfo, __8type_info@@QBE_NABV0@@Z, __0bad_cast@std@@QAE@PBD@Z, strtol, __0bad_cast@std@@QAE@ABV01@@Z, __1bad_cast@std@@UAE@XZ, memmove_s, _vsnprintf_s, puts, _set_invalid_parameter_handler NETAPI32.dll: NetShareAdd, NetShareDel 
FreeSCR.dll: _SetServiceStatus@FreedomSecurityCenter@@YAJW4ServiceId@1@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@1Vtribool@logic@boost@@2@Z, _SetWindowsFirewallState@FreedomSecurityCenter@@YAJ_N@Z

ExifTool: file metadata
BuildNumber: 43458
CharacterSet: Unicode
CodeSize: 73728
Comments:
CompanyName: Vidéotron
EntryPoint: 0x114a0
FileDescription: Radialpoint 9.0.44
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 163 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 9.0.44.43458
FileVersionNumber: 9.0.44.43458
ImageVersion: 0.0
InitializedDataSize: 84480
InternalName: Radialpoint Client
LanguageCode: English (U.S.)
LegalCopyright: Copyright © 2002-2010 Radialpoint.
LegalTrademarks: Radialpoint Inc.
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: RpsSecurityAwareR.exe
PEType: PE32
PrivateBuild: 9.0.44.43458
ProductName: Services de sécurité Vidéotron
ProductVersion: 9.0.44.43458
ProductVersionNumber: 9.0.44.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2010:03:02 20:22:31+01:00
UninitializedDataSize: 0
-------------------------------

It does look like the file is not infected!? Could the problem simply be that the antivirus is drawing too much juice (poorly suited to the computer's small amount of RAM??) Many thanks again in advance.
  11. Hello, and thank you for the warm welcome. Here are the requested logs: Logfile of random's system information tool 1.08 (written by random/random) Run by Client at 2010-10-15 09:28:51 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 10 GB (24%) free of 40 GB Total RAM: 501 MB (7% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 09:29:52, on 2010-10-15 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Videotron\Services de sécurité Vidéotron\Fws.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe C:\Program Files\Videotron\Services de sécurité Vidéotron\rps.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Videotron\Services de sécurité Vidéotron\RpsSecurityAwareR.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\TeamViewer\Version5\TeamViewer.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe 
C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe C:\Program Files\Videotron\Videotron Service Agent\VideotronSAComHandler.exe C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\Bin\AVGIDSMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe d:\Client\Mes documents\Téléchargements\RSIT.exe C:\Program Files\trend micro\Client.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe" /AUTORUN O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Videotron\Services de sécurité Vidéotron\IdxClnR.exe" O4 - 
HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Videotron\Services de sécurité Vidéotron\IdxClnR.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Gestionnaire de connexion de Simple Comptable - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Services de sécurité Vidéotron (Radialpoint Security Services) - Vidéotron - C:\Program Files\Videotron\Services de sécurité Vidéotron\RpsSecurityAwareR.exe O23 - Service: RadialpointIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Videotron\Services de sécurité Vidéotron\Fws.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: ServicepointService - Radialpoint Inc. 
- C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 9190 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168] "WHITNEY_S2P"=C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe [2006-03-27 229376] "ConnectionManager"=C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [2008-09-19 87336] "VideotronSA.exe"=C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe [2010-03-02 4281584] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] 
"IndexCleaner"=C:\Program Files\Videotron\Services de sécurité Vidéotron\IdxClnR.exe [2010-03-02 67016] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IndexCleaner"=C:\Program Files\Videotron\Services de sécurité Vidéotron\IdxClnR.exe [2010-03-02 67016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents 
and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Camera Monitor HD.lnk] C:\PROGRA~1\PIXELA\EVERIO~1\MBCAME~1.EXE [2008-11-13 541976] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk] C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk] C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2005-11-04 176128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk] C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk] C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Radialpoint Security Services] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater" "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare" "C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe"="C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:*:Enabled:mysqld-nt.exe 5.0.38" "C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe"="C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe:*:Enabled:SimplyConnectionManager.exe" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program 
Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour" "C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe"="C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe:*:Enabled:Servicepoint Service" "C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-10-15 09:28:53 ----D---- C:\Program Files\trend micro 2010-10-15 09:28:51 ----D---- C:\rsit 2010-10-14 00:15:57 ----A---- C:\WINDOWS\system32\drivers\fcphbpd.sys 2010-10-13 20:10:19 ----A---- C:\ComboFix.txt 2010-10-13 20:09:48 ----SHD---- C:\RECYCLER 2010-10-13 19:46:38 ----A---- C:\Boot.bak 2010-10-13 19:46:25 ----RASHD---- C:\cmdcons 2010-10-13 19:39:28 ----A---- C:\WINDOWS\zip.exe 2010-10-13 19:39:28 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-10-13 19:39:28 ----A---- C:\WINDOWS\SWSC.exe 2010-10-13 19:39:28 ----A---- C:\WINDOWS\SWREG.exe 2010-10-13 19:39:28 ----A---- C:\WINDOWS\sed.exe 2010-10-13 19:39:28 ----A---- C:\WINDOWS\PEV.exe 2010-10-13 19:39:28 ----A---- C:\WINDOWS\NIRCMD.exe 2010-10-13 19:39:28 ----A---- C:\WINDOWS\MBR.exe 2010-10-13 19:39:28 ----A---- C:\WINDOWS\grep.exe 2010-10-13 19:39:15 ----D---- C:\WINDOWS\ERDNT 2010-10-13 19:32:07 ----D---- C:\Qoobox 2010-10-13 12:36:29 ----D---- C:\Program Files\Mozilla Firefox 2010-10-13 12:30:53 ----D---- C:\Documents and Settings\Client\Application Data\Malwarebytes 2010-10-13 12:30:10 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-10-13 12:30:07 
----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-10-13 12:30:06 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-10-13 12:30:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-10-13 12:05:14 ----D---- C:\WINDOWS\pss ======List of files/folders modified in the last 1 months====== 2010-10-15 09:29:32 ----D---- C:\WINDOWS\Prefetch 2010-10-15 09:28:53 ----RD---- C:\Program Files 2010-10-14 21:21:04 ----D---- C:\WINDOWS\Temp 2010-10-14 20:21:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-10-14 00:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2010-10-14 00:15:57 ----D---- C:\WINDOWS\system32\drivers 2010-10-13 20:16:46 ----D---- C:\WINDOWS\system32\CatRoot2 2010-10-13 20:15:25 ----D---- C:\WINDOWS\system32 2010-10-13 20:04:41 ----D---- C:\WINDOWS 2010-10-13 20:04:41 ----A---- C:\WINDOWS\system.ini 2010-10-13 19:54:17 ----D---- C:\WINDOWS\AppPatch 2010-10-13 19:54:12 ----D---- C:\Program Files\Fichiers communs 2010-10-13 19:46:38 ----RASH---- C:\boot.ini 2010-10-13 17:37:15 ----D---- C:\Documents and Settings\Client\Application Data\TeamViewer 2010-10-13 14:18:38 ----AC---- C:\WINDOWS\win.ini 2010-10-13 14:13:43 ----D---- C:\Program Files\DivX 2010-10-13 13:23:13 ----SHD---- C:\WINDOWS\Installer 2010-10-13 13:21:43 ----D---- C:\Program Files\Fichiers communs\Apple 2010-10-13 12:53:47 ----D---- C:\Documents and Settings\Client\Application Data\Mozilla 2010-10-13 12:52:31 ----HD---- C:\Program Files\InstallShield Installation Information 2010-10-13 12:49:57 ----AC---- C:\WINDOWS\ODBCINST.INI 2010-10-13 12:48:08 ----D---- C:\Program Files\Logitech 2010-10-13 12:46:35 ----D---- C:\Program Files\Google 2010-10-13 12:43:14 ----D---- C:\Documents and Settings\Client\Application Data\Adobe 2010-10-13 12:43:13 ----D---- C:\WINDOWS\system32\Macromed 2010-10-13 12:43:13 ----D---- C:\Documents and Settings\Client\Application Data\Macromedia 2010-10-13 12:10:38 ----AC---- C:\WINDOWS\ODBC.INI 2010-09-28 19:18:06 ----AC---- 
C:\WINDOWS\NeroDigital.ini 2010-09-28 13:35:07 ----D---- C:\Documents and Settings\Client\Application Data\ZoomBrowser EX ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-10-23 285704] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872] R0 RadialpointIDSEH;RadialpointIDSEH; C:\WINDOWS\system32\drivers\AVGIDSEH.sys [2009-11-02 25608] R0 symsnap;Symantec Volume Snap Shot Driver; C:\WINDOWS\system32\DRIVERS\symsnap.sys [2007-03-28 131944] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673] R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-06-08 71696] R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-11-30 41984] R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2010-09-01 53192] R2 SocketLock;Raw Socket Lock Driver; \??\C:\WINDOWS\system32\socketlock.sys [] R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-01-24 176128] R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-05 241296] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 
[2007-01-13 5672032] R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2009-10-07 25752] R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-10-07 266008] R3 LVUVC;Logitech Webcam 500(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632] R3 Profos;Profos; \??\C:\Program Files\Videotron\Services de sécurité Vidéotron\BitDefender\profos.sys [] R3 RadialpointIDSDriver;RadialpointIDSDriver; \??\C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [] R3 RadialpointIDSFilter;RadialpointIDSFilter; \??\C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [] R3 RadialpointIDSShim;RadialpointIDSShim; \??\C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [] R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2010-09-01 48384] R3 Trufos;Trufos; \??\C:\Program Files\Videotron\Services de sécurité Vidéotron\BitDefender\trufos.sys [] R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736] S0 efyu;efyu; C:\WINDOWS\System32\drivers\fcphbpd.sys [2010-10-14 54016] S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081] S1 kbdhid;Pilote HID de 
clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\Client\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564] S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022] S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262] S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2007-05-01 17792] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 
3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376] R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370] R2 Gestionnaire de connexion de Simple Comptable;Gestionnaire de connexion de Simple Comptable; C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe [2008-09-19 16680] R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 Radialpoint Security Services;Services de sécurité Vidéotron; C:\Program Files\Videotron\Services de sécurité Vidéotron\RpsSecurityAwareR.exe [2010-03-02 166944] R2 RadialpointIDSAgent;RadialpointIDSAgent; C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe [2009-11-02 5832712] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-13 272024] R2 RP_FWS;Services de sécurité Vidéotron Coupe-feu; C:\Program Files\Videotron\Services de sécurité Vidéotron\Fws.exe [2010-03-02 382208] R2 ServicepointService;ServicepointService; C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe [2010-03-02 689392] R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-03 173352] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 
36864] S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-15 654848] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-16 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [2009-06-08 931080] S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [2009-06-08 1033480] S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF----------------- info.txt logfile of random's system information tool 
1.08 2010-10-15 09:29:59 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Premiere Elements 4.0 Templates-->msiexec /I {F85C7118-F3DC-4ED9-AB27-3E7931EA3D88} Adobe Premiere Elements 4.0 Templates-->MsiExec.exe /I{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88} Adobe Premiere Elements 4.0-->msiexec /I {3E2C691B-B7E6-4053-B5C3-94B8BC407E7A} Adobe Premiere Elements 4.0-->MsiExec.exe /I{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A} Adobe Reader 9.3.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001} Advanced RealMedia Export Plug-in for Premiere 6.0-->C:\Program Files\Adobe\Premiere 6.0\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0 Agent de services Vidéotron 3.5.18-->"C:\Program Files\Videotron\Videotron Service Agent\unins000.exe" Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF} Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8} Canon Camera Access Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini" Canon DIGITAL CAMERA Solution Disk - Guide d'utilisation des logiciels-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\Software Guide\Uninst.ini" Canon Guide d'impression personnelle-->"C:\Program 
Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\Personal Printing Guide\Uninst.ini" Canon MOV Decoder-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Decoder132\CanonMOVDecoderUnInstall.ini" Canon MOV Encoder-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini" Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini" Canon Utilities CameraWindow DC 8-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC8\Uninst.ini" Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini" Canon Utilities CameraWindow DC-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini" Canon Utilities CameraWindow-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini" Canon Utilities Digital Photo Professional 3.7-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini" Canon Utilities MyCamera DC-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini" Canon Utilities MyCamera-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini" Canon Utilities PhotoStitch-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini" Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Fichiers 
communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini" Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini" Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini" CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6} CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} Coffret de pilotes Logitech Webcam Software-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_12.10" /clone_wait /hide_progress Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0} Digital Photo Navigator 1.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}\setup.EXE" -l0x9 DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVD Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6} ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4} ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8} ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340} 
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A} ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD} ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765} ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091} ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331} ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589} ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567} essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} essvcpt-->MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF} ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69} ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1} Everio MediaBrowser HD Edition-->"C:\Program Files\InstallShield Installation Information\{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}\setup.exe" -runfromtemp -l0x040cUNINSTALL -removeonly Google Chrome-->"C:\Program Files\Google\Chrome\Application\6.0.472.63\Installer\setup.exe" --uninstall --system-level Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008} HijackThis 2.0.2-->"d:\Client\Mes documents\Téléchargements\HijackThis.exe" /uninstall HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE} HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21} HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8} Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Intel® PRO Network Connections Drivers-->Prounstl.exe KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Logiciel Kodak EasyShare-->C:\Documents and Settings\All Users\Application 
Data\Kodak\EasyShareSetup\$SETUP_140007_9c4aa97\Setup.exe /APR-REMOVE Logitech Webcam Software-->MsiExec.exe /I{C27BC2A2-30DD-4014-B22E-63EB0DB572F9} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office 
Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Mise à jour pour Windows XP 
(KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe Mozilla Firefox (3.6.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2} OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45} OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C} OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353} PerfectDisk 10 Professional-->MsiExec.exe /I{7B738CD9-D107-48C7-8E65-2E6639A39C8D} Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe" PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025} RPS CRT-->MsiExec.exe /I{F22B6F59-D6A5-4FA1-A913-D821A9F53DD6} RPS PerfectDiskStub-->MsiExec.exe /I{C990C769-B469-4AF0-BEAB-758476D4B059} RPS RpsCore-->MsiExec.exe /I{00911CCB-51C6-4B90-AAE8-F60F9E694CB1} Samsung SCX-4x21 Series-->C:\Program Files\Samsung\Samsung SCX-4x21 Series\Install\Setup.exe /R Services de sécurité 
Vidéotron-->"C:\Program Files\InstallShield Installation Information\{B1F54B3A-E702-4A28-BDCC-36636FEA5144}\setup.exe" -runfromtemp -l0x040c -removeonly SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B} SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237} Simple Comptable de Sage 2009-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C54856BC-3549-4ADE-AD4B-BC48C336DF5A}\setup.exe" -l0xc0c -removeonly SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE} SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} Skype™ 4.1-->MsiExec.exe /I{5C474A83-A45F-470C-9AC8-2BD1C251BF9A} SmarThru 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90F1943D-EA4A-4460-B59F-30023F3BA69A}\Setup.exe" -l0x9 uninstall -l0009 SmarThru PC Fax-->C:\WINDOWS\prinst.exe /m"Samsung" /u"SmarThru PC Fax" SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370} Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 
11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe" Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F} ======Security center information====== AV: Services de sécurité Vidéotron Antivirus FW: Services de sécurité Vidéotron Coupe-feu ======System event log====== Computer Name: GERMAIN Event Code: 59 Message: Resolve Partial Assembly a échoué pour Microsoft.VC90.CRT. Message d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système. . Record Number: 4576 Source Name: SideBySide Time Written: 20100611221302.000000-240 Event Type: error User: Computer Name: GERMAIN Event Code: 32 Message: L'assemblage dépendant Microsoft.VC90.CRT ne peut pas être trouvé. La dernière erreur était L'assemblage référencé n'est pas installé sur votre système. Record Number: 4575 Source Name: SideBySide Time Written: 20100611221302.000000-240 Event Type: error User: Computer Name: GERMAIN Event Code: 59 Message: Generate Activation Context a échoué pour C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll. Message d'erreur de référence : Opération réussie. . Record Number: 4574 Source Name: SideBySide Time Written: 20100611221302.000000-240 Event Type: error User: Computer Name: GERMAIN Event Code: 59 Message: Resolve Partial Assembly a échoué pour Microsoft.VC90.CRT. Message d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système. . Record Number: 4573 Source Name: SideBySide Time Written: 20100611221302.000000-240 Event Type: error User: Computer Name: GERMAIN Event Code: 32 Message: L'assemblage dépendant Microsoft.VC90.CRT ne peut pas être trouvé. La dernière erreur était L'assemblage référencé n'est pas installé sur votre système. 
Record Number: 4572 Source Name: SideBySide Time Written: 20100611221302.000000-240 Event Type: error User: =====Application event log===== Computer Name: GERMAIN Event Code: 1015 Message: La connexion au serveur est impossible. Erreur : 0x800401F0 Record Number: 775 Source Name: MsiInstaller Time Written: 20100213182257.000000-300 Event Type: warning User: GERMAIN\Client Computer Name: GERMAIN Event Code: 1517 Message: Windows a sauvegardé le Registre utilisateur GERMAIN\Client alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local. Record Number: 720 Source Name: Userenv Time Written: 20100131222529.000000-300 Event Type: warning User: AUTORITE NT\SYSTEM Computer Name: GERMAIN Event Code: 1517 Message: Windows a sauvegardé le Registre utilisateur GERMAIN\Client alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local. Record Number: 656 Source Name: Userenv Time Written: 20100113194217.000000-300 Event Type: warning User: AUTORITE NT\SYSTEM Computer Name: GERMAIN Event Code: 63 Message: Un fournisseur, OffProv12, a été enregistré dans l'espace de noms WMI, Root\MSAPPS12, afin d'utiliser le compte LocalSystem. 
Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s'il ne représente pas correctement les demandes utilisateur. Record Number: 638 Source Name: WinMgmt Time Written: 20100113184703.000000-300 Event Type: warning User: AUTORITE NT\SYSTEM Computer Name: GERMAIN Event Code: 1002 Message: Application bloquée Photoshop.exe, version 7.0.0.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Record Number: 607 Source Name: Application Hang Time Written: 20100111190949.000000-300 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Fichiers communs\DivX Shared;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=0403 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "asl.log"=Destination=file;OnFirstLog=command,environment,parent "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF-----------------

Unfortunately I cannot find the location of the Rpssecurity file... when I search, Windows sends me to a shortcut pointing to McAfee, which is itself uninstalled and no longer exists. What should I do then? Thanks again in advance.
  12. Hello, My computer is incredibly slow and I humbly think the culprit is the RpsSecurityAwareR.exe process. Despite a lot of searching for information and scanning the PC, I have not managed to stop the problem. I gathered that a HijackThis log is a must to get help, so here it is:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:32:06, on 2010-10-14 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Videotron\Services de sécurité Vidéotron\Fws.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe C:\Program Files\Videotron\Services de sécurité Vidéotron\rps.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Videotron\Services de sécurité Vidéotron\RpsSecurityAwareR.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\TeamViewer\Version5\TeamViewer.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Samsung\Samsung SCX-4x21 
Series\PSU\Scan2pc.exe C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe C:\Program Files\Videotron\Videotron Service Agent\VideotronSAComHandler.exe C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\Bin\AVGIDSMonitor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\SearchProtocolHost.exe d:\Client\Mes documents\Téléchargements\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe" /AUTORUN O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - 
HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Gestionnaire de connexion de Simple Comptable - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: Services de sécurité Vidéotron (Radialpoint Security Services) - Vidéotron - C:\Program Files\Videotron\Services de sécurité Vidéotron\RpsSecurityAwareR.exe O23 - Service: RadialpointIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Videotron\Services de sécurité Vidéotron\Fws.exe O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- End of file - 7340 bytes

Thank you very much in advance!