
Dancamelonat

Everything posted by Dancamelonat

  1. That is what I told you: I had already uninstalled everything before asking the question, and I take responsibility for that. My problem is not the loss of my bookmarks, despite my disappointment, but the fact that I cannot open this application and use it. I really do not like working with Internet Explorer, and I had been advised here against using it as an everyday browser. I will see what I can do in safe mode and get back to you. Thank you.
  2. I had been advised to remove all traces and reinstall. So now I have nothing left. I thought I had backed up my bookmarks, which does not seem to be the case. I am so disappointed to have lost everything! I tried a clean reinstall and it does not work. I get this message: "le point d'entrée de procédure NSS_InitializePRErrorTable est introuvable dans la bibliothèque de liaisons nssutil3.dll" (the procedure entry point NSS_InitializePRErrorTable could not be located in the dynamic link library nssutil3.dll). Even when I try your procedure to create a new profile, I get this message too. On top of that, Internet Explorer crashes regularly for me. It freezes!
  3. Er... there is nothing left, from what I understand? I still cannot run Mozilla Firefox. Perhaps I should post my problem in the software section?
  4. Here it is: Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011
  5. I am a bit lost now. Spybot is not installed on my PC; I stopped using it a long time ago and had uninstalled it. Also, I am not running Vista but Windows XP. So where do I pick up from?
  6. Here is the MBAM report: Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Version de la base de données: v2012.02.03.02
  7. For TDSSKiller: My link. For AdwCleaner: My link and My link. For MBAM I could not copy the report because someone shut down my PC without my knowledge. However, I saw that it had found one threat, which it dealt with successfully. I am running a new scan and will post the report as soon as it finishes so I can confirm with you that everything is OK.
  8. Here it is: My link
  9. Here it is: My link
  10. Hello, I have a serious problem with my PC slowing down lately, following an infection detected by ZoneAlarm. It seems it was a Trojan, which appears to have disappeared... But I am not certain. I can no longer install Mozilla Firefox, despite uninstalling and cleaning. I do not even know why it stopped working, for that matter. Internet Explorer is an ordeal for me. The slowest of turtles! The more tabs are open, the worse it gets. I do not know whether there is a connection between all this, but one thing is certain: something is wrong, and I do not know whether I am still infected. Thank you in advance for your help.
  11. Everything is perfect!!! No more symptoms!!! I am finishing applying your latest recommendations. A big thank you for your help and the quality of service. Despite the time difference I always received effective and quick replies. So appreciated when you have problems and want them solved.
  12. Sorry, for the moment it is dead calm!!! Since this morning I have been watching what happens; I also opened Internet Explorer and everything is fine so far. No more symptoms. I am really happy. Can we consider claiming victory soon? Thank you for your help.
  13. Hello to you. Here is the report: ComboFix 11-05-10.02 - Administrateur 2011-05-11 7:57.2.2 - x86
  14. OTL logfile created on: 2011-05-10 13:55:44 - Run 2 OTL by OldTimer - Version 3.2.22.3
Data\{E37D0722-A3C5-4874-AEEB-718E1BE6100D} FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-05 06:47:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-27 08:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions [2011-05-03 23:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rik8mqj4.default\extensions [2010-04-29 14:29:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rik8mqj4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-05-03 13:33:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rik8mqj4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011-01-14 22:15:01 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rik8mqj4.default\extensions\en-CA@dictionaries.addons.mozilla.org [2010-07-28 14:16:06 | 000,001,183 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rik8mqj4.default\searchplugins\4shared.xml [2010-10-30 14:45:19 | 000,002,979 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\rik8mqj4.default\searchplugins\photoxpress.xml [2011-05-05 06:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- [2009-01-23 11:33:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011-04-14 12:47:17 | 000,142,296 | ---- | M] (Mozilla 
Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2010-01-01 04:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010-01-01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2010-01-01 04:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010-01-01 04:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2010-01-01 04:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010-01-01 04:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml Hosts file not found O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [WSwitch] C:\Program Files\Panasonic\WSwitch\WSwitch.exe (Matsushita Electric Industrial Co., Ltd.) 
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp officejet 4100 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} http://e2icommconf.e2impact.com/download/ilinci86.dll (ILINCInstall86 Class) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} 
http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Java Plug-in Technology (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control) O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun 
File - [2007-07-03 14:46:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011-05-10 11:45:05 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrateur\Bureau\TDSSKiller.exe [2011-05-10 09:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\DoctorWeb [2011-05-10 07:53:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011-05-09 20:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK [2011-05-09 15:47:55 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011-05-09 15:44:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011-05-09 15:44:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011-05-09 15:44:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011-05-09 15:44:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011-05-09 15:42:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011-05-09 15:42:12 | 000,000,000 | ---D | C] -- C:\Qoobox [2011-05-09 12:03:59 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Administrateur\Bureau\esetsmartinstaller_fra.exe [2011-05-09 08:25:55 | 000,000,000 | ---D | C] -- C:\_OTL [2011-05-08 12:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2011-05-07 15:25:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe [2011-05-06 15:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Téléchargements [2011-05-05 21:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag [2011-05-05 21:36:18 | 001,224,845 | ---- | C] (Nicolas Coolman ) -- C:\Documents and Settings\Administrateur\Mes 
documents\ZHPFix.exe [2011-05-05 21:35:07 | 002,457,557 | ---- | C] (Nicolas Coolman ) -- C:\Documents and Settings\Administrateur\Mes documents\ZHPDiag2.exe [2011-05-04 20:08:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011-05-04 20:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware [2011-05-04 20:07:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011-05-04 20:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011-05-04 16:14:51 | 072,022,928 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrateur\Bureau\msert.exe [2011-05-03 22:50:36 | 000,361,216 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe [2011-05-03 18:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\MailFrontier [2011-05-03 14:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2011-05-03 14:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2011-05-03 13:43:57 | 000,072,704 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\zllsputility.exe [2011-05-03 13:43:53 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\kl1.sys [2011-05-03 13:41:53 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll [2011-05-03 13:41:48 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll [2011-05-03 13:41:48 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll [2011-05-03 13:41:33 | 000,043,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll [2011-05-03 13:41:32 | 001,238,528 | ---- | C] (Check Point Software 
Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll [2011-05-03 13:41:32 | 000,300,544 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll [2011-05-03 13:41:32 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll [2011-05-03 13:41:32 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll [2011-05-03 13:41:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs [2011-05-03 13:41:28 | 000,528,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys [2011-05-03 13:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs [2011-05-03 13:40:32 | 000,686,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll [2011-05-03 13:40:32 | 000,229,376 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll [2011-05-03 13:40:32 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll [2011-05-03 13:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2011-05-03 12:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2011-05-03 12:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software [2011-05-03 10:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2011-05-03 10:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2011-05-03 10:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2011-05-02 20:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dL28603GgIgF28603 [2011-05-02 20:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes [2011-05-02 
20:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011-05-01 21:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft [2011-05-01 21:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft [2011-04-22 09:20:06 | 000,000,000 | ---D | C] -- C:\Impot 2010 [2011-04-13 17:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hewlett-Packard [2011-04-13 17:14:12 | 000,082,380 | ---- | C] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS [2011-04-13 17:01:05 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys [2011-04-13 16:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Hewlett-Packard [2011-04-13 16:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2002-08-09 14:58:36 | 000,133,120 | ---- | C] ( ) -- C:\WINDOWS\System32\ZipDLL.dll ========== Files - Modified Within 30 Days ========== [2011-05-10 13:51:12 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011-05-10 12:20:34 | 000,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat [2011-05-10 12:19:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-05-10 12:19:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-05-10 10:02:35 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\DrWeb.csv [2011-05-10 09:09:29 | 062,047,064 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\796lgayf.exe [2011-05-09 23:19:23 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Adobe Enregistrer pour le Web 11.0 Prefs [2011-05-09 15:48:03 | 000,000,356 | RHS- | M] () -- C:\boot.ini [2011-05-09 15:43:19 | 004,344,420 | R--- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe [2011-05-09 14:49:52 | 000,050,477 | ---- | M] () -- 
C:\Documents and Settings\Administrateur\Bureau\Defogger.exe [2011-05-09 12:04:04 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Administrateur\Bureau\esetsmartinstaller_fra.exe [2011-05-08 14:05:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-05-07 15:57:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011-05-07 15:53:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe [2011-05-07 12:22:26 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2011-05-06 15:44:00 | 000,879,081 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\SecurityCheck.exe [2011-05-06 13:53:32 | 143,754,240 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\backup outlook.pst [2011-05-05 21:49:33 | 000,000,392 | ---- | M] () -- C:\ZHPRegY1.zhp [2011-05-05 21:49:21 | 000,000,392 | ---- | M] () -- C:\ZHPRegY0.zhp [2011-05-05 21:42:51 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2011-05-05 21:36:18 | 001,224,845 | ---- | M] (Nicolas Coolman ) -- C:\Documents and Settings\Administrateur\Mes documents\ZHPFix.exe [2011-05-05 21:35:08 | 002,457,557 | ---- | M] (Nicolas Coolman ) -- C:\Documents and Settings\Administrateur\Mes documents\ZHPDiag2.exe [2011-05-05 20:25:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\wininit.ini [2011-05-05 06:47:22 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011-05-05 06:47:22 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk [2011-05-04 20:08:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk [2011-05-04 16:16:29 | 072,022,928 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrateur\Bureau\msert.exe [2011-05-03 22:50:36 | 000,361,216 | ---- | M] (TuneUp Software) -- 
C:\WINDOWS\System32\TuneUpDefragService.exe [2011-05-03 16:55:51 | 000,000,246 | ---- | M] () -- C:\Boot.bak [2011-05-03 14:30:54 | 019,423,264 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2011-05-03 14:30:54 | 000,228,692 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2011-05-03 13:46:50 | 000,425,725 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2011-05-03 13:43:58 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ZoneAlarm Security.lnk [2011-05-03 13:38:35 | 152,520,704 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ZASPSetup_93_037_000_en.exe [2011-05-03 09:22:04 | 003,801,120 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\cpes_clean.exe [2011-05-01 21:16:42 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2011-05-01 20:20:09 | 000,126,976 | RHS- | M] () -- C:\WINDOWS\System32\iac25_32X.dll [2011-05-01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrateur\Bureau\TDSSKiller.exe [2011-04-28 13:17:39 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CDBurnerXP.lnk [2011-04-25 16:30:48 | 003,026,275 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Camille B&W Selective.jpg [2011-04-14 09:56:14 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-04-14 07:43:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-04-14 07:28:40 | 000,514,142 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2011-04-14 07:28:40 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-04-14 07:28:40 | 000,086,374 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2011-04-14 07:28:40 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-04-13 17:29:36 | 000,000,531 | ---- | M] () -- C:\hpfr3420.xml [2011-04-13 17:16:51 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Menu 
Démarrer\Programmes\Démarrage\hp officejet 4100 series.lnk [2011-04-13 17:15:35 | 000,020,471 | ---- | M] () -- C:\WINDOWS\hpoins01.dat [2011-04-13 17:14:28 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Disque de souvenirs HP.lnk [2011-04-13 17:14:12 | 000,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS [2011-04-13 16:49:58 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk [2011-04-13 16:49:49 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\HP Photo & Imaging.lnk [2011-04-13 16:49:31 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\HP Director.lnk ========== Files Created - No Company Name ========== [2011-05-10 10:02:35 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\DrWeb.csv [2011-05-10 08:57:53 | 062,047,064 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\796lgayf.exe [2011-05-09 15:48:03 | 000,000,246 | ---- | C] () -- C:\Boot.bak [2011-05-09 15:47:58 | 000,263,488 | RHS- | C] () -- C:\cmldr [2011-05-09 15:44:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011-05-09 15:44:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011-05-09 15:44:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011-05-09 15:44:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011-05-09 15:44:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011-05-09 15:10:56 | 000,001,000 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011-05-09 14:49:52 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Defogger.exe [2011-05-09 14:49:43 | 004,344,420 | R--- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe [2011-05-07 15:57:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011-05-06 15:43:59 | 000,879,081 | ---- | C] () -- C:\Documents and 
Settings\Administrateur\Bureau\SecurityCheck.exe [2011-05-06 13:50:47 | 143,754,240 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\backup outlook.pst [2011-05-05 21:49:21 | 000,000,392 | ---- | C] () -- C:\ZHPRegY1.zhp [2011-05-05 21:49:21 | 000,000,392 | ---- | C] () -- C:\ZHPRegY0.zhp [2011-05-05 21:42:51 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin [2011-05-05 06:47:22 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk [2011-05-05 06:47:22 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk [2011-05-04 20:08:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk [2011-05-03 13:44:00 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2011-05-03 13:43:58 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ZoneAlarm Security.lnk [2011-05-03 13:41:28 | 000,425,725 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2011-05-03 13:36:02 | 152,520,704 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ZASPSetup_93_037_000_en.exe [2011-05-03 09:22:03 | 003,801,120 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\cpes_clean.exe [2011-05-02 15:32:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011-05-01 21:16:42 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2011-05-01 20:20:09 | 000,126,976 | RHS- | C] () -- C:\WINDOWS\System32\iac25_32X.dll [2011-04-25 16:30:39 | 003,026,275 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Camille B&W Selective.jpg [2011-04-13 17:21:58 | 000,000,531 | ---- | C] () -- C:\hpfr3420.xml [2011-04-13 17:16:51 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp officejet 4100 series.lnk [2011-04-13 17:14:28 | 000,000,669 | ---- | C] () -- 
C:\Documents and Settings\All Users\Bureau\Disque de souvenirs HP.lnk [2011-04-13 16:49:58 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk [2011-04-13 16:49:49 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\HP Photo & Imaging.lnk [2011-04-13 16:49:30 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\HP Director.lnk [2011-04-13 16:42:55 | 000,020,471 | ---- | C] () -- C:\WINDOWS\hpoins01.dat [2011-04-13 16:42:55 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat [2011-02-09 18:13:02 | 000,429,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010-10-14 20:07:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010-10-09 11:14:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\drivers\service.ini [2010-08-11 15:13:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2010-08-03 21:30:17 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc [2010-06-18 00:11:37 | 000,000,467 | ---- | C] () -- C:\WINDOWS\exifmanager.ini [2010-05-31 22:10:33 | 000,001,820 | ---- | C] () -- C:\WINDOWS\System32\enc_ba-2_000001.ini [2010-05-31 22:10:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Progs_.ini [2010-05-11 21:43:32 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Adobe Enregistrer pour le Web 11.0 Prefs [2010-03-10 23:58:51 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010-01-13 21:24:31 | 000,000,395 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2009-09-08 11:11:33 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ISW_SCM.INI [2009-07-30 13:06:56 | 000,000,067 | ---- | C] () -- C:\WINDOWS\KA.INI [2009-05-30 00:42:20 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll [2009-04-27 13:18:34 | 019,423,264 | 
-HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009-04-27 13:01:48 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat [2009-04-27 13:01:48 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat [2009-04-27 13:01:47 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat [2009-03-11 21:01:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll [2009-01-29 21:46:44 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin [2008-12-31 13:52:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI [2008-12-08 21:06:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2008-12-07 12:44:54 | 000,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys [2008-10-11 17:11:42 | 000,000,650 | ---- | C] () -- C:\WINDOWS\hegames.ini [2008-10-11 17:08:10 | 000,000,043 | ---- | C] () -- C:\WINDOWS\Preschol.ini [2008-10-11 17:07:51 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin040c.exe [2008-09-08 23:27:33 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat [2008-08-25 17:13:02 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008-08-12 11:47:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe [2008-07-01 13:12:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2008-05-27 13:09:19 | 000,000,150 | ---- | C] () -- C:\WINDOWS\Antidote.ini [2008-02-29 23:44:36 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008-02-29 09:07:45 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008-02-29 09:07:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7B4AE373AC.sys [2008-02-04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2008-01-02 13:43:48 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini [2007-12-27 22:20:38 | 000,362,173 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application 
Data\tvwskclkxc_nav.dat [2007-12-27 22:20:38 | 000,004,698 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\tvwskclkxc.dat [2007-12-27 22:20:38 | 000,000,679 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\tvwskclkxc_navps.dat [2007-11-28 09:16:09 | 000,242,688 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-11-12 21:23:45 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007-10-22 22:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007-10-09 20:56:39 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys [2007-10-09 20:52:16 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd4349.sys [2007-10-08 21:16:05 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2007-10-08 20:09:40 | 000,018,344 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll [2007-10-08 20:09:40 | 000,018,344 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll [2007-07-03 15:29:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007-07-03 15:16:20 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\softkbd.exe.config [2007-07-03 15:13:37 | 000,000,052 | ---- | C] () -- C:\WINDOWS\DMIVIEW.INI [2007-07-03 15:01:14 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2007-07-03 15:01:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll [2007-07-03 14:51:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2007-07-03 14:43:21 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2007-07-03 10:33:21 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007-07-03 10:32:17 | 000,330,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004-08-05 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004-08-05 08:00:00 | 
000,514,142 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2004-08-05 08:00:00 | 000,444,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004-08-05 08:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2004-08-05 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004-08-05 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004-08-05 08:00:00 | 000,086,374 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2004-08-05 08:00:00 | 000,072,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004-08-05 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004-08-05 08:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2004-08-05 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004-08-05 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004-08-05 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004-08-05 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003-03-09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [2003-01-21 01:20:21 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\AJ820503.bin [2002-08-09 11:18:36 | 000,122,368 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.dll [2002-06-02 18:05:40 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\chkey1.dll [2001-08-23 03:07:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 03:05:30 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-04-10 18:03:32 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll [2000-10-31 19:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ZipSFX.bin ========== Custom Scans ========== < MD5 for: DTSCSI.SYS > [2007-10-09 20:56:39 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dtscsi.sys < MD5 for: SPTD.SYS > [2007-10-09 20:52:16 | 000,642,560 | ---- | M] () 
Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < End of report >
  15. Manually or by copy/paste (and the files really are there), it still does the same thing to me....
  16. It tells me no file uploaded????
  17. 2011/05/10 12:13:02.0515 3632 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16 2011/05/10 12:13:03.0265 3632 ================================================================================ 2011/05/10 12:13:03.0265 3632 SystemInfo: 2011/05/10 12:13:03.0265 3632 2011/05/10 12:13:03.0265 3632 OS Version: 5.1.2600 ServicePack: 3.0 2011/05/10 12:13:03.0265 3632 Product type: Workstation 2011/05/10 12:13:03.0265 3632 ComputerName: PANASONI-D546DF 2011/05/10 12:13:03.0265 3632 UserName: Administrateur 2011/05/10 12:13:03.0265 3632 Windows directory: C:\WINDOWS 2011/05/10 12:13:03.0265 3632 System windows directory: C:\WINDOWS 2011/05/10 12:13:03.0265 3632 Processor architecture: Intel x86 2011/05/10 12:13:03.0265 3632 Number of processors: 2 2011/05/10 12:13:03.0265 3632 Page size: 0x1000 2011/05/10 12:13:03.0265 3632 Boot type: Normal boot 2011/05/10 12:13:03.0265 3632 ================================================================================ 2011/05/10 12:13:04.0578 3632 Initialize success 2011/05/10 12:13:11.0171 3624 ================================================================================ 2011/05/10 12:13:11.0171 3624 Scan started 2011/05/10 12:13:11.0171 3624 Mode: Manual; 2011/05/10 12:13:11.0171 3624 ================================================================================ 2011/05/10 12:13:13.0718 3624 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/05/10 12:13:13.0859 3624 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/05/10 12:13:14.0312 3624 ADIHdAudAddService (93158adfd1f6811c9e137865069a6c2d) C:\WINDOWS\system32\drivers\ADIHdAud.sys 2011/05/10 12:13:14.0703 3624 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys 2011/05/10 12:13:15.0234 3624 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/05/10 12:13:15.0531 3624 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys 
2011/05/10 12:13:15.0781 3624 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 2011/05/10 12:13:16.0250 3624 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/05/10 12:13:16.0609 3624 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/05/10 12:13:16.0906 3624 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/05/10 12:13:17.0265 3624 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/05/10 12:13:17.0562 3624 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/05/10 12:13:17.0718 3624 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/05/10 12:13:17.0968 3624 BtHidBus (ce441ccd98c5ecb10cb12fcaf97322ec) C:\WINDOWS\system32\Drivers\BtHidBus.sys 2011/05/10 12:13:18.0234 3624 btnetBUs (d3c277a51ef9e2ec972d6221f99c0b6d) C:\WINDOWS\system32\Drivers\btnetBus.sys 2011/05/10 12:13:18.0468 3624 CBEN5 (9060fa1f3ee5c1100ab1d358c3b0996b) C:\WINDOWS\system32\DRIVERS\cben5.sys 2011/05/10 12:13:18.0656 3624 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/05/10 12:13:18.0843 3624 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/05/10 12:13:19.0062 3624 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/05/10 12:13:19.0218 3624 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/05/10 12:13:19.0343 3624 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/05/10 12:13:19.0687 3624 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/05/10 12:13:20.0015 3624 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/05/10 12:13:20.0546 3624 Disk (044452051f3e02e7963599fc8f4f3e25) 
C:\WINDOWS\system32\DRIVERS\disk.sys 2011/05/10 12:13:20.0906 3624 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys 2011/05/10 12:13:21.0203 3624 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys 2011/05/10 12:13:21.0437 3624 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/05/10 12:13:21.0593 3624 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/05/10 12:13:21.0906 3624 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/05/10 12:13:22.0156 3624 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys 2011/05/10 12:13:22.0156 3624 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d 2011/05/10 12:13:22.0156 3624 dtscsi - detected LockedFile.Multi.Generic (1) 2011/05/10 12:13:22.0281 3624 e1express (c31a349d80ab6e8e9a54d3899c864823) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 2011/05/10 12:13:22.0828 3624 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/05/10 12:13:22.0968 3624 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/05/10 12:13:23.0156 3624 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys 2011/05/10 12:13:23.0375 3624 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/05/10 12:13:23.0515 3624 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/05/10 12:13:23.0750 3624 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/05/10 12:13:23.0859 3624 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/05/10 12:13:24.0046 3624 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/05/10 12:13:24.0281 3624 HDAudBus (573c7d0a32852b48f3058cfd8026f511) 
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/05/10 12:13:24.0359 3624 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/05/10 12:13:24.0531 3624 HOTKEY (e853f5e773eb89a6435cd0cfeab63076) C:\WINDOWS\system32\DRIVERS\hotkey.sys 2011/05/10 12:13:24.0781 3624 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/05/10 12:13:25.0031 3624 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/05/10 12:13:25.0171 3624 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/05/10 12:13:25.0328 3624 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 2011/05/10 12:13:25.0515 3624 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 2011/05/10 12:13:25.0750 3624 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/05/10 12:13:25.0968 3624 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/05/10 12:13:26.0484 3624 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 2011/05/10 12:13:27.0062 3624 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys 2011/05/10 12:13:27.0187 3624 icsak (66793a4cbe9b5aa07882e3f3622f4ffe) C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys 2011/05/10 12:13:27.0343 3624 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS 2011/05/10 12:13:27.0562 3624 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/05/10 12:13:27.0812 3624 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/05/10 12:13:27.0921 3624 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/05/10 12:13:28.0078 3624 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/05/10 12:13:28.0250 3624 
IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/05/10 12:13:28.0468 3624 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/05/10 12:13:28.0578 3624 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/05/10 12:13:28.0734 3624 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/05/10 12:13:28.0906 3624 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/05/10 12:13:29.0171 3624 ISWKL (f0dec1fdc2e67aedd8cc00b48eee0d43) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 2011/05/10 12:13:29.0375 3624 IvtBtBUs (71e1fc547cc488d5cd7bf0860c96f5af) C:\WINDOWS\system32\Drivers\IvtBtBus.sys 2011/05/10 12:13:29.0578 3624 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/05/10 12:13:29.0812 3624 KLIF (a11c971434468fa05815eec8228d63fd) C:\WINDOWS\system32\DRIVERS\klif.sys 2011/05/10 12:13:30.0031 3624 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/05/10 12:13:30.0234 3624 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/05/10 12:13:30.0515 3624 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\WINDOWS\system32\drivers\lvusbsta.sys 2011/05/10 12:13:30.0750 3624 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/05/10 12:13:30.0937 3624 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/05/10 12:13:31.0062 3624 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys 2011/05/10 12:13:31.0187 3624 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/05/10 12:13:31.0390 3624 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/05/10 12:13:31.0484 3624 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/05/10 
12:13:31.0781 3624 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/05/10 12:13:31.0984 3624 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/05/10 12:13:32.0234 3624 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/05/10 12:13:32.0421 3624 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/05/10 12:13:32.0562 3624 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/05/10 12:13:32.0687 3624 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/05/10 12:13:32.0859 3624 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/05/10 12:13:33.0062 3624 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/05/10 12:13:33.0312 3624 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/05/10 12:13:33.0515 3624 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/05/10 12:13:33.0859 3624 NAL (cbbbbcace1abda7336410df4ab3c74d7) C:\WINDOWS\system32\Drivers\iqvw32.sys 2011/05/10 12:13:34.0187 3624 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/05/10 12:13:34.0390 3624 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/05/10 12:13:34.0609 3624 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/05/10 12:13:34.0828 3624 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/05/10 12:13:35.0171 3624 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/05/10 12:13:35.0343 3624 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/05/10 12:13:35.0500 3624 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 
2011/05/10 12:13:35.0750 3624 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/05/10 12:13:36.0046 3624 NETw4x32 (12b0d99865434387f784268b70e23360) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2011/05/10 12:13:36.0390 3624 NewMisc (3c481a1b3a89bd643f0dce063faef6cc) C:\WINDOWS\system32\DRIVERS\newmisc.sys 2011/05/10 12:13:36.0593 3624 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/05/10 12:13:36.0718 3624 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/05/10 12:13:36.0875 3624 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/05/10 12:13:37.0093 3624 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 2011/05/10 12:13:37.0203 3624 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/05/10 12:13:37.0359 3624 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/05/10 12:13:37.0484 3624 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/05/10 12:13:37.0750 3624 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/05/10 12:13:37.0843 3624 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys 2011/05/10 12:13:37.0984 3624 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/05/10 12:13:38.0125 3624 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/05/10 12:13:38.0343 3624 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/05/10 12:13:38.0562 3624 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/05/10 12:13:38.0765 3624 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/05/10 12:13:39.0328 3624 PID_0928 (5bd2c6d982481d548107c602e7ccfbbc) 
C:\WINDOWS\system32\DRIVERS\LV561AV.SYS 2011/05/10 12:13:39.0578 3624 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/05/10 12:13:39.0703 3624 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/05/10 12:13:39.0828 3624 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/05/10 12:13:40.0203 3624 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/05/10 12:13:40.0234 3624 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/05/10 12:13:40.0281 3624 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/05/10 12:13:40.0468 3624 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/05/10 12:13:40.0546 3624 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/05/10 12:13:40.0703 3624 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/05/10 12:13:40.0859 3624 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/05/10 12:13:41.0140 3624 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/05/10 12:13:41.0312 3624 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/05/10 12:13:41.0484 3624 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2011/05/10 12:13:41.0640 3624 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/05/10 12:13:41.0968 3624 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/05/10 12:13:42.0187 3624 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/05/10 12:13:42.0296 3624 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/05/10 12:13:42.0437 3624 sffdisk 
(0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys 2011/05/10 12:13:42.0531 3624 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 2011/05/10 12:13:42.0687 3624 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2011/05/10 12:13:42.0953 3624 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/05/10 12:13:43.0234 3624 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/05/10 12:13:43.0437 3624 sptd (c2fcbb3b8bb2dd9fc805ffaf6cf41f2e) C:\WINDOWS\system32\Drivers\sptd.sys 2011/05/10 12:13:43.0437 3624 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c2fcbb3b8bb2dd9fc805ffaf6cf41f2e 2011/05/10 12:13:43.0437 3624 sptd - detected LockedFile.Multi.Generic (1) 2011/05/10 12:13:43.0562 3624 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/05/10 12:13:43.0828 3624 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/05/10 12:13:43.0953 3624 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys 2011/05/10 12:13:44.0078 3624 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/05/10 12:13:44.0265 3624 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/05/10 12:13:44.0406 3624 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/05/10 12:13:44.0796 3624 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/05/10 12:13:44.0937 3624 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/05/10 12:13:45.0078 3624 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/05/10 12:13:45.0250 3624 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/05/10 12:13:45.0421 3624 TermDD 
(88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/05/10 12:13:45.0593 3624 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/05/10 12:13:45.0859 3624 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/05/10 12:13:46.0062 3624 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/05/10 12:13:46.0265 3624 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/05/10 12:13:46.0375 3624 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/05/10 12:13:46.0546 3624 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/05/10 12:13:46.0703 3624 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/05/10 12:13:46.0875 3624 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/05/10 12:13:47.0015 3624 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/05/10 12:13:47.0265 3624 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/05/10 12:13:47.0312 3624 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/05/10 12:13:47.0515 3624 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/05/10 12:13:47.0765 3624 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/05/10 12:13:47.0937 3624 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys 2011/05/10 12:13:48.0062 3624 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/05/10 12:13:48.0296 3624 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/05/10 12:13:48.0437 3624 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/05/10 
12:13:48.0593 3624 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/05/10 12:13:48.0812 3624 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/05/10 12:13:49.0000 3624 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/05/10 12:13:49.0140 3624 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/05/10 12:13:49.0250 3624 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/05/10 12:13:49.0265 3624 ================================================================================ 2011/05/10 12:13:49.0265 3624 Scan finished 2011/05/10 12:13:49.0265 3624 ================================================================================ 2011/05/10 12:13:49.0281 3568 Detected object count: 3 2011/05/10 12:14:28.0062 3568 LockedFile.Multi.Generic(dtscsi) - User select action: Skip 2011/05/10 12:14:28.0062 3568 LockedFile.Multi.Generic(sptd) - User select action: Skip 2011/05/10 12:14:28.0125 3568 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/05/10 12:14:28.0125 3568 \HardDisk0 - ok 2011/05/10 12:14:28.0125 3568 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/05/10 12:14:31.0515 0956 Deinitialize success
  18. The report from the scan with CureIt! Processus en mémoire: C:\WINDOWS\system32\svchost.exe:700 BackDoor.Tdss.565 Eradiqué. When I open your site with my browser, a second tab opens with a Walmart ad!!! Grrrr................. I'm doing my updates.....but I'm really afraid to open Internet Explorer....
  19. OK, here is the OTL report from the other post from before....and I'm doing the rest All processes killed ========== OTL ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== c:\documents and settings\Administrateur\Application Data\6D7CC288E1638A8C8FE27B6EB5C10E89 folder moved successfully. File move failed. c:\windows\system32\drivers\kl1.sys scheduled to be moved on reboot. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 1335060 bytes ->Temporary Internet Files folder emptied: 35900 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 77517952 bytes ->Flash cache emptied: 456 bytes User: All Users User: Camille ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Isabelle ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 1055088 bytes ->Temporary Internet Files folder emptied: 48509331 bytes ->Flash cache emptied: 4244 bytes User: NetworkService ->Temp folder emptied: 2117392 bytes ->Temporary Internet Files folder emptied: 42151026 bytes ->Flash cache emptied: 4639 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6387057 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 171,00 mb [EMPTYFLASH] User: Administrateur ->Flash cache emptied: 0 
bytes User: All Users User: Camille User: Default User ->Flash cache emptied: 0 bytes User: Isabelle ->Flash cache emptied: 0 bytes User: LocalService ->Flash cache emptied: 1173 bytes User: NetworkService ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 05102011_075113 Files\Folders moved on Reboot... File move failed. c:\windows\system32\drivers\kl1.sys scheduled to be moved on reboot. File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6Z26LGN\afr[1].php not found! File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6Z26LGN\afr[2].php not found! C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6Z26LGN\cas[1].txt moved successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6Z26LGN\ChickenFlesh_fa_auto_trailer[1].mp4 moved successfully. File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6Z26LGN\ddc[1].htm not found! File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6Z26LGN\filmannex[1].htm not found! File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6Z26LGN\filmannex[2].htm not found! C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6Z26LGN\gv2_emercial_back2[1].gif moved successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6Z26LGN\header-styles[1].css moved successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6Z26LGN\jump2[1].htm moved successfully. File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T6Z26LGN\stCA0H65SL not found! 
  20. I'm doing it right away. But I should tell you that for the moment I still get the famous win32 message; from time to time advertising windows open when I click on hyperlinks that shouldn't do that; one time out of two Explorer doesn't load at startup; sometimes my network configuration is gone when the PC starts and I can no longer connect, so I have to reconfigure it and then reconfigure ZA. It still happens that my browser doesn't open when I click on the links in my emails. I haven't dared to reopen Internet Explorer yet. There, I'll do the next step...
  21. And for ComboFix:
  22. Here is the OTL log:
  23. Here it is: C:\Documents and Settings\Administrateur\Application Data\6D7CC288E1638A8C8FE27B6EB5C10E89\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application C:\Documents and Settings\Administrateur\Application Data\6D7CC288E1638A8C8FE27B6EB5C10E89\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application. I thought I had eradicated all of that c**p at the start of my problems, but apparently not... it's really hard to get rid of.
  24. Well, I usually use Firefox, but as you asked me to, I opened Internet Explorer... whoa!!! First attempt, I see nothing in the window that opened. I close and reopen it, and then, disaster!!!! Windows I had just closed, which I was working in from my USB key, reopen all by themselves!!!! I closed Internet Explorer right away. As I type these lines, I'm using Mozilla Firefox and an advertising window opens by itself in another tab!!! I only have the page of your reply open... Should I try the procedure you mentioned by accessing the site with Mozilla Firefox? Do I need to do something else?
  25. I fully trust you and sincerely thank you for your help. I'll continue and get back to you. I also wanted to let you know that from time to time, when I click on hyperlinks on trusted sites, an ad page also opens first. It's a forum I've been going to for years and there are no ads of that kind on the forum. OK, back to work... I'm doing what you asked and will come back...