
DadooNum

Members
  • Content count: 16
Other information

  • My setup
    Windows XP Pro 2002 SP3
    Intel Core i7 930 @2.8 GHz
  • My languages
    FR


  1. Hello Bernard, I hadn't seen your reply! Sorry! I don't understand the procedure for the Safe Mode test?? Dadoo
  2. I can't take it anymore!! I uninstalled MBAM, ran CCleaner, reinstalled MBAM, and ran all the Chameleon tests, twice!! (everything goes fine in the DOS window) but MBAM never launches!! I tested the MBAM setup on another PC: everything works right from the install!! What do you think??? Thanks again for all your help!! Dadoo
  3. Hello Bernard, I used Malwarebytes Anti-Malware Chameleon to be able to launch MBAM and run the scan. After several attempts with the "Chameleon#n" tests the scan started and I removed the selection (lots of Ramnit virus!). The PC is stable, but I still have the same problems with Firefox: degraded websites (WAP-style) or unreachable ones (microsoft.fr for example). Since the PC was cleaned I can't relaunch MBAM (I just ran several Chameleon tests, without success). Is that normal?? For reference, here is the selection found by the MBAM scan (before removal). Thanks, Dadoo
  4. Good evening Bernard, MBAM still won't launch!!! Have a good evening, Dadoo
  5. Bernard, attached are the reports: RK SCAN (RogueKiller scan report), RK SUPPRESSION (RogueKiller removal report), ADWCLEANER, and ZHPDIAG (CJoint.com link 3EdrHciaRwF). Thanks, Dadoo
  6. Hello everyone, I have a laptop infected with one or more viruses that I can't identify. Avast and Avira quarantine system files, which then make the PC crash. Bernard53 had previously advised me: - to install MBAM: it won't launch! - to install ZHPDiag and post its report: CJoint.com link 3EdlCdAXY9a. Thanks in advance for your replies, Dadoo
  7. Hello Bernard, well, nothing changes with Selective Startup. I suggest closing this topic, since I now need to clean the laptop. I'm starting a new topic titled "Infection non identifiée sur PC portable" (unidentified infection on a laptop), in case you're interested!! I want to thank you for all the support you've given me. Dadoo
  8. Hello Bernard, thanks, and sorry for the late reply, but I was travelling and am now on a long weekend with the family. I'll look at all this next week and close this topic. For point 1: you mean "Normal Startup" and not "Selective Startup". Have a good weekend, Dadoo
  9. 1 - I ticked the "don't show this message again" box and on reboot I get a black screen as the desktop background. The desktop wallpaper is disabled every time. 2 - ?? I don't know how to check whether the Windows firewall is responsible. 3 - Thanks for the explanations. 4 - With MBAM the report is completely clean on the PC!! Can I then leave MBAM in place without it conflicting with AVAST??? Otherwise DelFix has been run, as has the restore point. 5 - For the laptop it's off to a bad start: MBAM is installed but won't launch. I get the impression there is an Internet connection problem. I notice that - no update runs at the end of the MBAM install - I can only reach a few websites (like Google or webmail), others not at all (your link to download MBAM at www.malwarebytes.org/) = CONNECTION FAILED, or a completely degraded version (like the WAP access of mobile phones long ago), for example for commentcamarche.net. PS: to install MBAM I fetched the installer from the PC over the network. => Should I run a ZHPDiag??? Thanks, Dadou
  10. Great!!! Thank you very much Bernard! Regarding the PC I have a few questions/remarks: 1 - At startup I no longer get the error message. It tells me I must select "Normal Startup" in MSCONFIG (I'm currently on "Selective Startup"): I assume I should go ahead and do that?? 2 - A small problem connecting to network favourites and the network in general: I no longer have access to the other network domains (like MSGROUP, WORKGROUP) other than the one this PC belongs to. 3 - What finally happened with the virus(es)? Did I have ZeroAccess and Smart Fortress? I also saw commands (in your quotes) concerning SweetIM: was that a virus?? 4 - In general, which antivirus do you recommend (reliable, stable and not too resource-hungry...???) 5 - I'd like to start another topic about other virus problems on my laptop. To make the helpers' job easier, do you recommend posting the following reports when opening the topic: a- RogueKiller - scan report b- RogueKiller - removal report c- ZHPDiag or OTL: the first 2 reports generated with your first commands quoted under "Personnalisation"? Thanks again, Dadou
  11. Bernard, Ci joint les rapport OTL (Correction) et ComboFix. A noter que j'ai dû redémarrer le PC suite au scan Combofix. Au préalable, j'avais sauvargardé le rapport Combofix en plus de celui contenu sur C:\ Au démarrage, j'ai à chaque fois le message "C:\WINDOWS\deamon.dll error". Merci Dadoo ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename Prefs.js: "" removed from browser.search.defaulturl Prefs.js: "SweetIM Search" removed from browser.search.selectedEngine Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully. File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found. File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Rechercher sur le Web\ deleted successfully. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html moved successfully. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully. C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully. C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully. C:\Program Files\SweetIM\Toolbars\Internet Explorer folder moved successfully. C:\Program Files\SweetIM\Toolbars folder moved successfully. C:\Program Files\SweetIM\Messenger\resources\sqlite folder moved successfully. C:\Program Files\SweetIM\Messenger\resources\images folder moved successfully. C:\Program Files\SweetIM\Messenger\resources folder moved successfully. C:\Program Files\SweetIM\Messenger folder moved successfully. 
C:\Program Files\SweetIM\Communicator\resources\sqlite folder moved successfully. C:\Program Files\SweetIM\Communicator\resources folder moved successfully. C:\Program Files\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully. C:\Program Files\SweetIM\Communicator folder moved successfully. C:\Program Files\SweetIM folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\update folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\logs folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\packages\FailDialog folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\packages folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\400 folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\200 folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\100 folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\Bars folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data folder moved successfully. 
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Communicator\Logs folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Communicator\conf folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM\Communicator folder moved successfully. C:\Documents and Settings\All Users\Application Data\SweetIM folder moved successfully. C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-725345543-1993962763-1801674531-1003UA.job moved successfully. C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-725345543-1993962763-1801674531-1003Core.job moved successfully. ========== COMMANDS ========== OTL by OldTimer - Version 3.2.41.0 log created on 04242012_144713 ComboFix 12-04-24.01 - numelec 24/04/2012 15:06:18.1.8 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3063.2487 [GMT 2:00] Lancé depuis: c:\documents and settings\numelec\Bureau\ComboFix.exe AV: avast! antivirus 4.7.1001 [VPS 120424-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\numelec\Application Data\Mozilla\Firefox\Profiles\wf2jc75x.default\weave\toFetch C:\setup.exe c:\windows\$NtUninstallKB12939$ c:\windows\$NtUninstallKB12939$\776074327 c:\windows\daemon.dll c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\SET14C.tmp c:\windows\system32\SET16A.tmp c:\windows\system32\SET16B.tmp c:\windows\system32\SET174.tmp c:\windows\system32\SET178.tmp c:\windows\system32\urttemp c:\windows\system32\urttemp\fusion.dll c:\windows\system32\urttemp\mscoree.dll c:\windows\system32\urttemp\mscoree.dll.local c:\windows\system32\urttemp\mscorsn.dll c:\windows\system32\urttemp\mscorwks.dll c:\windows\system32\urttemp\msvcr71.dll c:\windows\system32\urttemp\regtlib.exe . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_.netbt . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-03-24 au 2012-04-24 )))))))))))))))))))))))))))))))))))) . . 2012-04-24 12:47 . 2012-04-24 12:47 -------- d-----w- C:\_OTL 2012-04-24 09:52 . 2012-04-24 09:52 512 ----a-w- C:\PhysicalMBR.bin 2012-04-23 10:13 . 2012-04-23 10:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2012-04-23 10:11 . 2003-06-18 15:31 16384 ----a-w- c:\windows\system32\MSPGIMME.DLL 2012-04-23 10:11 . 2003-06-18 15:31 443904 ----a-w- c:\windows\system32\MDIVWCTL.DLL 2012-04-23 10:11 . 2003-06-18 15:31 1033216 ----a-w- c:\windows\system32\MSPCORE.DLL 2012-04-23 10:11 . 2002-08-12 12:56 1706800 ----a-w- c:\windows\system32\GDIPLUS.DLL 2012-04-19 13:02 . 2012-04-19 13:02 -------- d-----w- c:\documents and settings\numelec\modelio 2012-04-16 15:46 . 2012-04-16 15:46 -------- d-----w- C:\spoolerlogs 2012-04-16 15:41 . 2012-04-16 15:41 -------- d-----w- c:\documents and settings\numelec\Local Settings\Application Data\canon.jp 2012-04-16 13:12 . 
2012-04-16 13:12 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2012-04-16 13:06 . 2012-04-24 09:07 -------- d-----w- C:\ZHP 2012-04-16 13:06 . 2012-04-24 09:07 -------- d-----w- c:\program files\ZHPDiag 2012-04-13 17:23 . 2012-04-16 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\99058D590010B14700015A98D151FC4E 2012-04-13 12:48 . 2012-04-13 12:48 -------- d-----w- c:\documents and settings\numelec\Application Data\Maxprog 2012-04-13 12:47 . 2012-04-13 12:48 -------- d-----w- c:\program files\MaxBulk Mailer 2012-04-10 07:45 . 2012-04-10 07:45 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-04-10 07:45 . 2012-04-10 07:45 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr 2012-03-01 11:00 . 2008-04-13 17:33 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:00 . 2008-04-13 17:34 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-03-01 11:00 . 2008-04-13 17:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-29 14:10 . 2008-04-13 17:33 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2008-04-13 17:33 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17 . 2008-04-13 17:00 385024 ----a-w- c:\windows\system32\html.iec 2012-02-16 19:16 . 2011-07-14 10:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-03 09:58 . 2008-04-13 16:58 1860224 ----a-w- c:\windows\system32\win32k.sys 2012-04-10 07:45 . 2012-02-03 10:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-08-20 . 33578A738C564B4F84D906EFD91025E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . 
((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Copernic Desktop Search - Professional"="c:\program files\Copernic Desktop Search - Pro\DesktopSearchService.exe" [2011-11-22 1798104] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552] "CNAP2 Launcher"="c:\windows\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2007-09-05 406944] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "RemoteControl"="c:\windows\system32\rmctrl.exe" [2001-11-09 32768] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2009-10-02 22:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2009-10-03 03:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CANON DR6080_7580_9080C SVC] 2005-02-15 11:48 61440 ----a-w- c:\windows\system32\DR9KSVC.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] 2011-11-24 10:06 137536 ----atw- c:\documents and settings\numelec\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] 2008-07-17 11:10 888832 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2008-04-14 20:41 1040384 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Synology\\Assistant\\DSAssistant.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Documents and Settings\\numelec\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Gestion à distance de Windows . R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [22/06/2010 20:43 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [22/06/2010 20:43 5248] R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [22/07/2010 18:07 814344] R2 InliteLM;InliteLM Service;c:\progra~1\CLEARI~1\COM\INLITE~1.EXE [08/12/2011 20:14 709672] R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [21/03/2011 12:55 196928] R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [20/10/2010 18:41 67904] R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [02/12/2011 11:37 2923392] R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384] S3 CLPCIID;CLPCIID;c:\program files\CyberLink\PowerDVD\clpciid.sys [22/06/2010 20:35 24772] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 14:49 227232] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [13/04/2008 19:34 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contenu du dossier 'Tâches planifiées' . 2012-04-24 c:\windows\Tasks\SyncBack AGORA POOL - ETAPE 1-2.job - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00] . 2012-04-24 c:\windows\Tasks\SyncBack AGORA STOCKAGE - ETAPE 2-2.job - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00] . 2012-04-23 c:\windows\Tasks\SyncBack COPERNIC INDEX SONATA.job - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00] . 2012-04-24 c:\windows\Tasks\SyncBack JOAN.job - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00] . 2011-02-10 c:\windows\Tasks\SyncBack Luxia - PRODUCTION sur MD.job - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00] . 2011-02-10 c:\windows\Tasks\SyncBack Luxia - PRODUCTION sur PC1.job - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00] . 2011-02-10 c:\windows\Tasks\SyncBack Luxia - PRODUCTION sur PC2.job - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00] . 2011-02-10 c:\windows\Tasks\SyncBack Luxia - PRODUCTION sur SONATA.job - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00] . 
2012-04-23 c:\windows\Tasks\SyncBack Migration DD sur Production-Lexbase.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00]
.
2012-04-23 c:\windows\Tasks\SyncBack Migration Modeles sur Sonata.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00]
.
2012-04-23 c:\windows\Tasks\SyncBack MODELES SAUVEGARDE PCAN.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00]
.
2012-04-23 c:\windows\Tasks\SyncBack MODELES SAUVEGARDE SONATA.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00]
.
2012-04-23 c:\windows\Tasks\SyncBack SONATA LOCAL DEC svg.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00]
.
2012-04-23 c:\windows\Tasks\SyncBack SVG_PC5_DECOUPAGE.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00]
.
2012-04-23 c:\windows\Tasks\SyncBack SVG_SONATA_DECOUPAGE.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-10-27 10:00]
.
2012-04-24 c:\windows\Tasks\User_Feed_Synchronization-{40D3A964-4E61-4ABF-86DA-8531D879AE23}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mStart Page =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\documents and settings\numelec\Application Data\Mozilla\Firefox\Profiles\wf2jc75x.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-99058D590010B14700015A98D151FC4E - c:\documents and settings\All Users\Application Data\99058D590010B14700015A98D151FC4E\99058D590010B14700015A98D151FC4E.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
AddRemove-Smart Fortress 2012 - c:\documents and settings\All Users\Application Data\99058D590010B14700015A98D151FC4E\99058D590010B14700015A98D151FC4E.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-04-24 15:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3188)
c:\program files\Copernic Desktop Search - Pro\DeskbandContainer_Win32.dll
c:\program files\Copernic Desktop Search - Pro\SearchPlatform-s.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\CNAC8SWK.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\CNAC8SWK.EXE
.
**************************************************************************
.
Completion time: 2012-04-24 15:21:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 13:21
.
Pre-Run: 692 220 493 824 bytes free
Post-Run: 694 860 095 488 bytes free
.
- - End Of File - - BE79DB8374511DBE09549495FAAC0007
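The ComboFix report above (and the RogueKiller report quoted further down the thread) is the kind of text a removal helper reads by eye: a random 32-hex-character executable registered both as a startup item and as the "Smart Fortress 2012" Add/Remove entry, a firewall exception pointing into a user-writable profile folder, and a block of SSDT hooks attributed to a single driver. The following Python script is an added example, not part of the thread and not code from ComboFix or RogueKiller. It parses those three kinds of lines and applies the same triage heuristics in code. The sample lines are copied from the reports on this page, except the `example_unknown.sys` hook, which is constructed to exercise the unknown-module path; the attribution of `d347bus.sys` to DAEMON Tools is an assumption drawn from the D-Tools entries elsewhere in the same set of reports, and the function names are the example's own.

```python
"""Triage of collapsed ComboFix / RogueKiller report lines (added example)."""
import re
from collections import defaultdict

# ComboFix orphan / MSConfig lines: "<kind>-<name> - <path>"
ORPHAN_RE = re.compile(
    r"^(?P<kind>MSConfigStartUp|AddRemove|HKLM-Run|HKCU-Run)-(?P<name>.+?) - (?P<path>.+)$"
)
# ComboFix firewall AuthorizedApplications export: "<path with doubled backslashes>"=
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
# RogueKiller hook lines, both the SSDT[n] form and the _INLINE_ form
SSDT_RE = re.compile(
    r"^(?:SSDT\[\d+\]|_INLINE_) : (?P<api>\w+)(?: @ 0x[0-9A-Fa-f]+)?"
    r" -> HOOKED \((?P<module>\S+) @ 0x[0-9A-Fa-f]+\)$"
)

HEX32_EXE = re.compile(r"^[0-9A-F]{32}\.exe$", re.IGNORECASE)
# Locations an interactive XP user can write to without admin rights
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Roots a firewall exception is expected to point into
TRUSTED_ROOTS = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")
# Assumption: d347bus.sys is DAEMON Tools' SCSI emulation driver, which hooks
# the SSDT for its own purposes; it is treated here as a known benign hooker.
KNOWN_HOOKING_DRIVERS = {
    "d347bus.sys": "DAEMON Tools SCSI emulation driver (assumed benign hooks)",
}


def triage_orphans(lines):
    """Flag autostart / Add-Remove entries that look like a rogue AV or dropper."""
    findings = []
    for line in lines:
        m = ORPHAN_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        flags = []
        if HEX32_EXE.match(path.rsplit("\\", 1)[-1]):
            flags.append("random-hex-name")
        if any(tok in path.lower() for tok in USER_WRITABLE):
            flags.append("user-writable-location")
        if "\\" not in path:
            flags.append("bare-filename")  # resolved through PATH at run time
        findings.append({"kind": m.group("kind"), "name": m.group("name"),
                         "path": path, "flags": flags})
    return findings


def triage_firewall(lines):
    """Flag application exceptions that point outside the system/program roots."""
    findings = []
    for line in lines:
        m = FW_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path").replace("\\\\", "\\")  # undo .reg-style escaping
        ok = path.lower().startswith(TRUSTED_ROOTS)
        findings.append({"path": path, "flags": [] if ok else ["exception-outside-system-dirs"]})
    return findings


def attribute_ssdt_hooks(lines):
    """Group hooked APIs by the module owning the hook and give a verdict."""
    by_module = defaultdict(list)
    for line in lines:
        m = SSDT_RE.match(line.strip())
        if m:
            by_module[m.group("module")].append(m.group("api"))
    report = {}
    for module, apis in by_module.items():
        # Hooks on the registry Nt* calls are how a rootkit hides its keys, so the
        # same API set from a module nobody can name deserves a closer look.
        known = KNOWN_HOOKING_DRIVERS.get(module.lower())
        report[module] = {"hooked_apis": sorted(set(apis)),
                          "verdict": known or "unknown module hooking the SSDT; investigate"}
    return report


# Sample input copied from the ComboFix report on this page.
SAMPLE_COMBOFIX = r"""
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-99058D590010B14700015A98D151FC4E - c:\documents and settings\All Users\Application Data\99058D590010B14700015A98D151FC4E\99058D590010B14700015A98D151FC4E.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
AddRemove-Smart Fortress 2012 - c:\documents and settings\All Users\Application Data\99058D590010B14700015A98D151FC4E\99058D590010B14700015A98D151FC4E.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Documents and Settings\\numelec\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
""".strip().splitlines()

# Sample input copied from the RogueKiller report on this page, plus one
# constructed line for a module that is not in KNOWN_HOOKING_DRIVERS.
SAMPLE_ROGUEKILLER = """
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (d347bus.sys @ 0xB7F8E818)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (d347bus.sys @ 0xB7F8E7D0)
SSDT[71] : NtEnumerateKey @ 0x8062493C -> HOOKED (d347bus.sys @ 0xB7F832A8)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (d347bus.sys @ 0xB7F8E866)
_INLINE_ : NtCreatePagingFile -> HOOKED (d347bus.sys @ 0xB7F965C4)
SSDT[119] : NtOpenKey @ 0x806254CE -> HOOKED (example_unknown.sys @ 0xB7000000)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_orphans(SAMPLE_COMBOFIX) + triage_firewall(SAMPLE_COMBOFIX):
        if f["flags"]:
            print(f["path"], "->", ", ".join(f["flags"]))
    for module, info in attribute_ssdt_hooks(SAMPLE_ROGUEKILLER).items():
        print(module, info["hooked_apis"], "->", info["verdict"])
```

On the sample above the script flags the two 99058D59... entries (random hex name in All Users\Application Data) and the Facebook Video Calling firewall exception, leaves SweetIM.exe and the TeamViewer exception unflagged, and reports every d347bus.sys hook under the assumed DAEMON Tools verdict while the constructed unknown module is marked for investigation. The point of the last function is the one a helper makes by hand: a hook on NtEnumerateKey or NtQueryValueKey is rootkit-grade behaviour, so what decides benign versus malicious is whether the hooking module can be tied to software known to be installed, not the hook itself.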
  12. Hello Bernard,
Below is the RogueKiller report in REMOVAL mode
-------------------------------
RogueKiller V7.3.2 [20/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: [RogueKiller] Remontées (1/49)
Blog: tigzy-RK

Operating system: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: numelec [Admin rights]
Mode: Remove -- Date: 24/04/2012 11:06:16

¤¤¤ Malicious processes: 0 ¤¤¤

¤¤¤ Registry entries: 0 ¤¤¤

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (d347bus.sys @ 0xB7F8E818)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (d347bus.sys @ 0xB7F8E7D0)
SSDT[45] : NtCreatePagingFile @ 0x805AB9EE -> HOOKED (d347bus.sys @ 0xB7F82A20)
SSDT[71] : NtEnumerateKey @ 0x8062493C -> HOOKED (d347bus.sys @ 0xB7F832A8)
SSDT[73] : NtEnumerateValueKey @ 0x80624BA6 -> HOOKED (d347bus.sys @ 0xB7F8E910)
SSDT[119] : NtOpenKey @ 0x806254CE -> HOOKED (d347bus.sys @ 0xB7F8E794)
SSDT[160] : NtQueryKey @ 0x80625810 -> HOOKED (d347bus.sys @ 0xB7F832C8)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (d347bus.sys @ 0xB7F8E866)
SSDT[241] : NtSetSystemPowerState @ 0x80653E18 -> HOOKED (d347bus.sys @ 0xB7F8E0B0)
_INLINE_ : NtCreatePagingFile -> HOOKED (d347bus.sys @ 0xB7F965C4)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS file: ¤¤¤
127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

¤¤¤ MBR check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD753LJ +++++
--- User ---
[MBR] 83d21979f1bca489a7472afac19fe694
[BSP] 9ea93bfacf471b7fbb4d9d1055d1c197 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715394 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[10].txt >>
-------------------------------
And finally the 2 OTL reports.
OTL.txt
-------------------------------
OTL logfile created on: 24/04/2012 11:51:17 - Run 1
OTL by OldTimer - Version 3.2.41.0     Folder = C:\Documents and Settings\numelec\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,99 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,12% Memory free
4,83 Gb Paging File | 4,07 Gb Available in Paging File | 84,23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698,63 Gb Total Space | 644,69 Gb Free Space | 92,28% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive W: | 1372,38 Gb Total Space | 420,41 Gb Free Space | 30,63% Space Free | Partition Type: NTFS
Drive X: | 1372,38 Gb Total Space | 420,41 Gb Free Space | 30,63% Space Free | Partition Type: NTFS
Drive Y: | 1372,38 Gb Total Space | 420,41 Gb Free Space | 30,63% Space Free | Partition Type: NTFS
Drive Z: | 1372,38 Gb Total Space | 420,41 Gb Free Space | 30,63% Space Free | Partition Type: NTFS

Computer Name: SONATA | User Name: numelec | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\numelec\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ZHPDiag\ZHPDiag.exe ()
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\Copernic Desktop Search - Pro\DesktopSearchService.exe (Copernic Inc.)
PRC - C:\Program Files\ClearImage\COM\InliteLMService.exe ( Inlite Research, Inc.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Fichiers communs\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC8SWK.EXE (CANON INC.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2RPK.EXE (CANON INC.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
PRC - C:\WINDOWS\system32\rmctrl.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\ZHPDiag\ZHPDiag.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\Alwil Software\Avast4\unacev2.dll ()
MOD - C:\WINDOWS\daemon.dll ()
MOD - C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll ()
MOD - C:\WINDOWS\system32\rmctrl.exe ()
MOD - C:\WINDOWS\system32\ctrldll.dll ()

========== Win32 Services (SafeList) ==========

SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (InliteLM) -- C:\Program Files\ClearImage\COM\InliteLMService.exe ( Inlite Research, Inc.)
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (.netbt) -- File not found
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (d347prt) -- C:\WINDOWS\system32\drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\drivers\d347bus.sys ( )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (CLPCIID) -- C:\Program Files\CyberLink\PowerDVD\clpciid.sys (CyberLink Corp.)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={6D7BBA8B-87A8-11E1-ACCE-1CAFF770EFAC}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = Server Error
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Recherche Google
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = Server Error
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {5A288A4E-7C09-40B9-AF27-A297A10B881D}:3.0.4.19
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\numelec\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/10 09:45:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/03 12:13:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ff7ea51e-0dcd-4e5d-a0a0-332a854012ba}: C:\Program Files\Copernic Desktop Search - Pro\Firefox70Connector [2011/12/22 12:42:11 | 000,000,000 | ---D | M]

[2010/07/01 16:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\numelec\Application Data\Mozilla\Extensions
[2012/04/18 15:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\numelec\Application Data\Mozilla\Firefox\Profiles\wf2jc75x.default\extensions
[2011/07/03 18:51:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\numelec\Application Data\Mozilla\Firefox\Profiles\wf2jc75x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/03 12:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/08 16:28:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/04/10 09:45:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/08 16:28:06 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 14:33:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/02/15 14:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/15 14:33:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/02/15 14:33:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/02/15 14:33:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/02/15 14:33:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/06/22 16:56:15 | 000,000,837 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Copernic Desktop Search - Professional] C:\Program Files\Copernic Desktop Search - Pro\DesktopSearchService.exe (Copernic Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ajouter à un fichier PDF existant - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir au format Adobe PDF - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277218640093 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB945B33-E3E1-4C74-805A-CF54DD12839D}: DhcpNameServer = 192.168.0.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\numelec\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\numelec\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/22 13:34:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4786c33e-da92-11df-ac3e-1caff770efac}\Shell - "" = AutoRun
O33 - MountPoints2\{4786c33e-da92-11df-ac3e-1caff770efac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NumEdex.eXe
O33 - MountPoints2\{78bdbc58-8519-11df-ac31-1caff770efac}\Shell - "" = AutoRun
O33 - MountPoints2\{78bdbc58-8519-11df-ac31-1caff770efac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Nc.exe
O33 - MountPoints2\{86417aa2-98be-11e0-ac70-1caff770efac}\Shell - "" = AutoRun
O33 - MountPoints2\{86417aa2-98be-11e0-ac70-1caff770efac}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpReg: 99058D590010B14700015A98D151FC4E - hkey= - key= - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CANON DR6080_7580_9080C SVC - hkey= - key= - File not found
MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Documents and Settings\numelec\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: SoundMAX - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig - StartUpReg: Sweetpacks Communicator - hkey= - key= - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

SafeBootMin: PEVSystemStart - Service
SafeBootMin: procexp90.Sys - Driver
SafeBootNet: PEVSystemStart - Service
SafeBootNet: procexp90.Sys - Driver

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44B
BA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8B51B502-2A1B-B9AB-90D8-315590B18170} - Outlook Express
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {D67A7A22-D86D-52F8-0FB3-9A864A3733D3} - Mise à jour de la version d’Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found ========== Files/Folders - Created Within 30 Days ========== [2012/04/24 11:49:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\numelec\Recent [2012/04/24 11:19:59 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\numelec\Bureau\OTL.exe [2012/04/23 12:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2012/04/23 12:11:09 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GDIPLUS.DLL [2012/04/23 12:11:09 | 001,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSPCORE.DLL [2012/04/23 12:11:09 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MDIVWCTL.DLL [2012/04/23 12:11:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSPGIMME.DLL [2012/04/19 15:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\numelec\modelio [2012/04/16 17:46:29 | 000,000,000 | ---D | C] -- C:\spoolerlogs [2012/04/16 17:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\numelec\Local Settings\Application Data\canon.jp [2012/04/16 15:06:51 | 000,000,000 | ---D | C] -- C:\ZHP [2012/04/16 15:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP [2012/04/16 15:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag [2012/04/16 12:32:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/04/16 12:32:20 | 000,406,528 | ---- | C] (SteelWerX) -- 
C:\WINDOWS\SWSC.exe [2012/04/16 12:32:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/04/16 12:32:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/04/16 12:32:15 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/04/16 12:32:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/04/16 12:30:56 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/04/16 12:30:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\numelec\Menu Démarrer\Programmes\Outils d'administration [2012/04/16 12:28:33 | 004,464,884 | R--- | C] (Swearware) -- C:\Documents and Settings\numelec\Bureau\ComboFix.exe [2012/04/16 12:19:55 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\numelec\Bureau\tdsskiller.exe [2012/04/16 11:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\numelec\Bureau\RK_Quarantine [2012/04/16 11:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012/04/16 11:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SweetIM [2012/04/13 19:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\numelec\Menu Démarrer\Programmes\Smart Fortress 2012 [2012/04/13 19:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\99058D590010B14700015A98D151FC4E [2012/04/13 14:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\numelec\Mes documents\Maxprog [2012/04/13 14:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\numelec\Application Data\Maxprog [2012/04/13 14:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MaxBulk Mailer [2012/04/13 14:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\MaxBulk Mailer [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/24 11:55:00 | 000,000,436 | -H-- | M] () -- 
C:\WINDOWS\tasks\User_Feed_Synchronization-{40D3A964-4E61-4ABF-86DA-8531D879AE23}.job [2012/04/24 11:52:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2012/04/24 11:19:59 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\numelec\Bureau\OTL.exe [2012/04/24 11:11:01 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-725345543-1993962763-1801674531-1003UA.job [2012/04/24 11:11:00 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-725345543-1993962763-1801674531-1003Core.job [2012/04/24 10:56:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/04/24 10:55:58 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2012/04/24 10:54:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/04/24 08:30:03 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack AGORA STOCKAGE - ETAPE 2-2.job [2012/04/24 07:00:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack AGORA POOL - ETAPE 1-2.job [2012/04/24 05:00:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack JOAN.job [2012/04/24 00:07:26 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack SVG_PC5_DECOUPAGE.job [2012/04/24 00:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Migration Modeles sur Sonata.job [2012/04/23 23:28:55 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack SVG_SONATA_DECOUPAGE.job [2012/04/23 23:25:01 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack SONATA LOCAL DEC svg.job [2012/04/23 23:20:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack COPERNIC INDEX SONATA.job [2012/04/23 23:10:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack MODELES SAUVEGARDE SONATA.job [2012/04/23 23:00:12 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack MODELES SAUVEGARDE PCAN.job [2012/04/23 19:05:43 | 000,000,009 | ---- | M] () -- C:\Contrib.PWD [2012/04/23 17:54:51 | 000,020,992 | ---- | M] () -- C:\Documents and 
Settings\numelec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/23 12:08:24 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\numelec\Bureau\nolette.mdi [2012/04/19 17:07:58 | 000,021,058 | ---- | M] () -- C:\Documents and Settings\numelec\Bureau\PAPREC RECU.pdf [2012/04/19 16:40:57 | 000,011,885 | ---- | M] () -- C:\Documents and Settings\numelec\Bureau\Infogreffe recu.pdf [2012/04/16 16:26:35 | 000,650,240 | ---- | M] () -- C:\Documents and Settings\numelec\Bureau\MicrosoftFixit50199.msi [2012/04/16 15:44:32 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics [2012/04/16 15:12:10 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2012/04/16 15:06:39 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk [2012/04/16 15:06:39 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk [2012/04/16 15:06:39 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk [2012/04/16 12:28:08 | 004,464,884 | R--- | M] (Swearware) -- C:\Documents and Settings\numelec\Bureau\ComboFix.exe [2012/04/16 12:19:14 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\numelec\Bureau\tdsskiller.exe [2012/04/16 11:52:21 | 001,262,080 | ---- | M] () -- C:\Documents and Settings\numelec\Bureau\RogueKiller.exe [2012/04/13 19:32:06 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\numelec\Bureau\Smart Fortress 2012.lnk [2012/04/11 03:07:28 | 000,575,542 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2012/04/11 03:07:28 | 000,481,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/04/11 03:07:28 | 000,103,620 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2012/04/11 03:07:28 | 000,079,906 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/04/10 10:41:32 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\numelec\Application Data\Microsoft\Internet Explorer\Quick 
Launch\Raccourci vers Production sur 'Disk Station ' (W).lnk [2012/04/10 10:41:07 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\numelec\Bureau\Production sur Disk Station.lnk [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/24 11:52:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2012/04/23 12:08:24 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\numelec\Bureau\nolette.mdi [2012/04/19 17:07:58 | 000,021,058 | ---- | C] () -- C:\Documents and Settings\numelec\Bureau\PAPREC RECU.pdf [2012/04/19 16:40:57 | 000,011,885 | ---- | C] () -- C:\Documents and Settings\numelec\Bureau\Infogreffe recu.pdf [2012/04/16 16:26:34 | 000,650,240 | ---- | C] () -- C:\Documents and Settings\numelec\Bureau\MicrosoftFixit50199.msi [2012/04/16 15:12:10 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin [2012/04/16 15:06:39 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk [2012/04/16 15:06:39 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk [2012/04/16 15:06:39 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk [2012/04/16 12:32:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/04/16 12:32:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/04/16 12:32:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/04/16 12:32:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/04/16 12:32:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/04/16 11:52:57 | 001,262,080 | ---- | C] () -- C:\Documents and Settings\numelec\Bureau\RogueKiller.exe [2012/04/13 19:32:06 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\numelec\Bureau\Smart Fortress 2012.lnk [2012/04/12 12:23:02 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\SyncBack AGORA STOCKAGE - ETAPE 2-2.job [2012/04/12 
12:22:20 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\SyncBack AGORA POOL - ETAPE 1-2.job [2012/04/10 10:41:32 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\numelec\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers Production sur 'Disk Station ' (W).lnk [2012/04/10 10:41:07 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\numelec\Bureau\Production sur Disk Station.lnk [2012/03/03 17:22:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/29 19:39:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\COOWIZCK.INI [2012/02/29 19:38:54 | 000,000,050 | ---- | C] () -- C:\WINDOWS\coowiz20.ini [2012/02/14 20:10:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/02/22 19:11:59 | 000,326,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-1993962763-1801674531-1003-0.dat [2011/02/22 19:11:58 | 000,275,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2010/09/17 16:33:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI [2010/09/08 11:27:04 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\numelec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/07/02 17:03:43 | 000,005,226 | ---- | C] () -- C:\WINDOWS\pixcache.ini [2010/07/02 16:41:39 | 000,024,610 | ---- | C] () -- C:\WINDOWS\SetScan.ini [2010/07/01 16:03:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/06/23 15:59:09 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/06/22 20:43:52 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys [2010/06/22 20:43:52 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys [2010/06/22 20:35:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ctrldll.dll [2010/06/22 20:35:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\rmctrl.exe 
[2010/06/22 19:57:21 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\numelec\Local Settings\Application Data\fusioncache.dat [2010/06/22 16:26:10 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2010/06/22 16:24:48 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010/06/22 16:24:38 | 000,030,320 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010/06/22 16:24:38 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010/06/22 13:57:32 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/06/22 13:56:18 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/06/22 13:45:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/06/22 13:32:23 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== Custom Scans ========== < HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl|FEATURE_BROWSER_EMULATION /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\\sllauncher.exe: 8000 < HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs > < HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/10 09:45:24 | 000,836,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/10 09:45:24 | 000,836,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal 
[2012/04/10 09:45:24 | 000,836,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/10 09:45:26 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/10 09:45:26 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/10 09:45:26 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 14:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 14:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 14:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" 
/HideShortcuts [2012/04/10 09:45:24 | 000,836,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/10 09:45:24 | 000,836,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/10 09:45:24 | 000,836,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/10 09:45:26 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/10 09:45:26 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/10 09:45:26 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 14:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 14:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 14:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff 
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers /s > "timer" = timer.drv -- [2001/08/28 16:00:00 | 000,004,096 | ---- | M] (Microsoft Corporation) < HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc /s > "msaud32.acm" = Windows Media Audio Codec "sl_anet.acm" = Sipro Lab Telecom Audio Codec "C:\WINDOWS\system32\iac25_32.ax" = Indeo® audio software "ir50_32.dll" = Indeo® video 5.10 "C:\WINDOWS\system32\l3codeca.acm" = Fraunhofer IIS MPEG Layer-3 Codec "wdmaud.drv" = ADI UAA Function Driver for High Definition Audio < %temp%\smtmp\1\*.* /s > < %temp%\smtmp\2\*.* /s > < %temp%\smtmp\4\*.* /s > < nslookup Google /c > Serveur : UnKnown Address: 192.168.0.254 < %systemroot%\system32\drivers\*.sys /lockedfiles > < %APPDATA%\*.exe /s > [2006/08/15 10:15:04 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\numelec\Application Data\U3\temp\cleanup.exe < %SYSTEMDRIVE%\*.exe > [1999/01/12 12:42:20 | 000,073,728 | ---- | M] (InstallShield Software Corporation) -- C:\Setup.exe [1998/10/27 13:06:48 | 000,027,648 | ---- | M] (InstallShield Software Corporation) -- C:\_ISDel.exe < MD5 for: AGP440.SYS > [2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: AHCIX86.SYS > [2008/08/20 10:05:39 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\WINDOWS\NLDRV\003\ahcix86.sys [2008/08/20 10:05:41 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\WINDOWS\NLDRV\004\ahcix86.sys [2008/08/20 10:16:37 | 000,176,136 | ---- | M] (AMD Technologies Inc.) 
MD5=B6E729A575F84938A08D367E8352EB86 -- C:\WINDOWS\NLDRV\013\ahcix86.sys [2008/08/20 10:16:38 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\WINDOWS\NLDRV\014\ahcix86.sys [2008/08/20 10:19:04 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\WINDOWS\NLDRV\023\ahcix86.sys [2008/08/20 10:19:05 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\WINDOWS\NLDRV\024\ahcix86.sys < MD5 for: ATAPI.SYS > [2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\i386\atapi.sys < MD5 for: CDROM.SYS > [2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008/04/13 11:40:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2011/02/08 03:16:22 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys < MD5 for: CHANGER.SYS > [2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys < MD5 for: CTFMON.EXE > [2008/04/13 19:34:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 
-- C:\WINDOWS\system32\ctfmon.exe [2008/04/13 19:34:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\dllcache\ctfmon.exe < MD5 for: DISK.SYS > [2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2008/04/13 11:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: IASTOR.SYS > [2008/08/20 10:05:47 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\009\iastor.sys [2008/08/20 10:16:44 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\019\iastor.sys [2008/08/20 10:19:10 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\029\iastor.sys < MD5 for: NDIS.SYS > [2008/04/13 12:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008/04/13 12:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys < MD5 for: NETLOGON.DLL > [2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- 
C:\WINDOWS\system32\dllcache\netlogon.dll [2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATABUS.SYS > [2008/08/20 10:05:57 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\WINDOWS\NLDRV\010\nvatabus.sys [2008/08/20 10:16:54 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\WINDOWS\NLDRV\020\nvatabus.sys [2008/08/20 10:19:20 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\WINDOWS\NLDRV\030\nvatabus.sys < MD5 for: RASACD.SYS > [2001/08/28 16:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2001/08/28 16:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys < MD5 for: RDPCLIP.EXE > [2008/04/13 19:34:20 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=B46EF6930DDE7393FB4BD0150BCC786C -- C:\WINDOWS\system32\dllcache\rdpclip.exe [2008/04/13 19:34:20 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=B46EF6930DDE7393FB4BD0150BCC786C -- C:\WINDOWS\system32\rdpclip.exe < MD5 for: RDPWD.SYS > [2012/01/09 18:19:13 | 000,139,784 | ---- | M] (Microsoft Corporation) MD5=2D293B720C206473A05950CE007DB12A -- C:\WINDOWS\$hf_mig$\KB2621440\SP3QFE\rdpwd.sys [2011/06/24 16:09:15 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=3348E61A78BA4F79C795AAD6565D3B6F -- C:\WINDOWS\$hf_mig$\KB2570222\SP3QFE\rdpwd.sys [2012/01/09 18:20:23 | 000,139,784 | ---- | M] (Microsoft Corporation) MD5=5B3055DAA788BD688594D2F5981F2A83 -- C:\WINDOWS\system32\dllcache\rdpwd.sys [2012/01/09 18:20:23 | 000,139,784 | ---- | M] (Microsoft Corporation) MD5=5B3055DAA788BD688594D2F5981F2A83 -- C:\WINDOWS\system32\drivers\rdpwd.sys < MD5 for: SCECLI.DLL > [2008/04/13 19:33:42 | 000,187,392 | ---- | M] 
(Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll < MD5 for: SFLOPPY.SYS > [2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2008/04/13 11:40:50 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys < MD5 for: SPLITTER.SYS > [2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2008/04/13 11:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\dllcache\splitter.sys [2008/04/13 11:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys < MD5 for: SWMIDI.SYS > [2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2008/04/13 11:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\dllcache\swmidi.sys [2008/04/13 11:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys < MD5 for: TCPIP.SYS > [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys [2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) 
MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys < MD5 for: TDPIPE.SYS > [2008/04/13 19:34:54 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\dllcache\tdpipe.sys [2008/04/13 19:34:54 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys < MD5 for: TDTCP.SYS > [2008/04/13 19:34:54 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\dllcache\tdtcp.sys [2008/04/13 19:34:54 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys < MD5 for: USBPRINT.SYS > [2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2008/04/13 11:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\dllcache\usbprint.sys [2008/04/13 11:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys < MD5 for: USBSCAN.SYS > [2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2008/04/13 11:45:36 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\dllcache\usbscan.sys [2008/04/13 11:45:36 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys < MD5 for: USERINIT.EXE > [2008/04/13 19:34:28 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\dllcache\userinit.exe [2008/04/13 19:34:28 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe < MD5 for: VOLSNAP.SYS > [2008/04/13 18:56:06 | 000,053,376 
| ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\system32\dllcache\volsnap.sys [2008/04/13 18:56:06 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\system32\drivers\volsnap.sys < MD5 for: WINLOGON.EXE > [2008/04/13 19:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008/04/13 19:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WSCNTFY.EXE > [2008/04/13 19:34:30 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=02DA31AB433A6C1110A736C85701DECA -- C:\WINDOWS\system32\dllcache\wscntfy.exe [2008/04/13 19:34:30 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=02DA31AB433A6C1110A736C85701DECA -- C:\WINDOWS\system32\wscntfy.exe < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\WINDOWS\$NtUninstallKB12939$] -> Error: Cannot create file handle -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF < End of report > ------------------------------------- ET EXTRAS.TXT ------------------------------------- OTL Extras logfile created on: 24/04/2012 11:51:17 - Run 1 OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\numelec\Bureau Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,99 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,12% Memory free 4,83 Gb Paging File | 4,07 
Gb Available in Paging File | 84,23% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 698,63 Gb Total Space | 644,69 Gb Free Space | 92,28% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive W: | 1372,38 Gb Total Space | 420,41 Gb Free Space | 30,63% Space Free | Partition Type: NTFS Drive X: | 1372,38 Gb Total Space | 420,41 Gb Free Space | 30,63% Space Free | Partition Type: NTFS Drive Y: | 1372,38 Gb Total Space | 420,41 Gb Free Space | 30,63% Space Free | Partition Type: NTFS Drive Z: | 1372,38 Gb Total Space | 420,41 Gb Free Space | 30,63% Space Free | Partition Type: NTFS Computer Name: SONATA | User Name: numelec | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5985:TCP" = 5985:TCP:*:Disabled:Gestion à distance de Windows "80:TCP" = 80:TCP:*:Disabled:Gestion à distance de Windows - Mode de compatibilité (HTTP-Entrée) "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program 
Files\Synology\Assistant\DSAssistant.exe" = C:\Program Files\Synology\Assistant\DSAssistant.exe:*:Enabled:DSAssistant -- () "C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Documents and Settings\numelec\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\numelec\Application Data\Spotify\spotify.exe:*:Enabled:Spotify "C:\Documents and Settings\numelec\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\numelec\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited) "C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6 "{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026 "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe 
Reader 9.4.1 - Français "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2F3B366-830E-4371-9130-A8D6BE751363}" = CapturePerfect 3.0 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0CD13AB-2094-45D3-938D-9DA3DC9FE69C}" = Nitro PDF Professional "{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Arachnophilia 5.4_is1" = Arachnophilia 5.4 "avast!" = avast! Antivirus "Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2 "Canon LBP5050" = Canon LBP5050 "CCleaner" = CCleaner (remove only) "ClearImage 7 PDK" = ClearImage 7 PDK "CopernicDesktopSearch2" = Copernic Desktop Search - Professional "DR-6080/7580/9080C Driver" = Canon DR-6080/7580/9080C Driver "File Recover_is1" = File Recover 8.0 "FileZilla Client" = FileZilla Client 3.5.2 "ie8" = Windows Internet Explorer 8 "Marvell Miniport Driver" = Marvell Miniport Driver "MaxBulk Mailer_is1" = MaxBulk Mailer 8.3.7 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA "Mozilla Firefox 11.0 (x86 fr)" = Mozilla Firefox 11.0 (x86 fr) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NoIPDUC" = No-IP DUC "NVIDIA Display Control 
Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Oloneo PhotoEngine" = Oloneo PhotoEngine "Picasa 3" = Picasa 3 "Recovery Toolbox for PDF_is1" = Recovery Toolbox for PDF 1.1 "SilverStream JRunner" = SilverStream JRunner "SyncBack_is1" = SyncBack "Synology Assistant" = Synology Assistant (remove only) "TeamViewer 7" = TeamViewer 7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "WinRAR archiver" = Logiciel d'archivage WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "ZHPDiag_is1" = ZHPDiag 1.30 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "5db7d2994f64dec1" = Numelex PdfCuttingTable "8c916c411752ae2e" = Numelex search and replace "8cfef47c5fe7719b" = Numelex ScanCleaner "Smart Fortress 2012" = Smart Fortress 2012 ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 06/07/2010 08:17:38 | Computer Name = SONATA | Source = avast! | ID = 33554522 Description = Scan of "H:\" area failed with 00000003 error (function avfilesScanReal failed). Error - 09/02/2011 15:25:37 | Computer Name = SONATA | Source = avast! | ID = 33554522 Description = AAVM - scanning error: Aavm: FetchGlobalCounters cannot open mapping - server DOWN???, 00000002. [ Application Events ] Error - 24/11/2011 04:44:59 | Computer Name = SONATA | Source = PerfNet | ID = 2004 Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Error - 24/11/2011 07:38:36 | Computer Name = SONATA | Source = PerfNet | ID = 2004 Description = Impossible d'ouvrir le Service serveur. 
Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Error - 24/11/2011 09:19:21 | Computer Name = SONATA | Source = Application Hang | ID = 1002 Description = Application bloquée EXCEL.EXE, version 11.0.8341.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 24/11/2011 09:21:07 | Computer Name = SONATA | Source = Application Hang | ID = 1002 Description = Application bloquée EXCEL.EXE, version 11.0.8341.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 27/11/2011 06:45:10 | Computer Name = SONATA | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 29/11/2011 07:10:34 | Computer Name = SONATA | Source = Application Hang | ID = 1002 Description = Application bloquée Acrobat.exe, version 9.0.0.332, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 29/11/2011 12:08:05 | Computer Name = SONATA | Source = Application Hang | ID = 1002 Description = Application bloquée WINWORD.EXE, version 11.0.8328.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 29/11/2011 13:14:44 | Computer Name = SONATA | Source = Application Hang | ID = 1002 Description = Application bloquée WINWORD.EXE, version 11.0.8328.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 29/11/2011 13:24:36 | Computer Name = SONATA | Source = Application Hang | ID = 1002 Description = Application bloquée WINWORD.EXE, version 11.0.8328.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 29/11/2011 13:29:56 | Computer Name = SONATA | Source = Application Hang | ID = 1002 Description = Application bloquée WINWORD.EXE, version 11.0.8328.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. 
[ System Events ] Error - 13/04/2012 13:27:33 | Computer Name = SONATA | Source = Service Control Manager | ID = 7031 Description = Le service TeamViewer 6 s'est terminé de manière inattendue. Ceci s'est produit 2 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service. Error - 13/04/2012 13:28:53 | Computer Name = SONATA | Source = Service Control Manager | ID = 7031 Description = Le service Windows Search s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service. Error - 13/04/2012 13:32:06 | Computer Name = SONATA | Source = Service Control Manager | ID = 7024 Description = Le service Windows Search s'est arrêté avec l'erreur service particulière 2147749155 (0x80040D23). Error - 16/04/2012 09:43:07 | Computer Name = SONATA | Source = ipnathlp | ID = 31008 Description = L'agent proxy DNS n'a pas pu lire la liste locale des serveurs de résolution de noms à partir du registre. La donnée est le code de l'erreur. Error - 16/04/2012 09:44:24 | Computer Name = SONATA | Source = ipnathlp | ID = 31008 Description = L'agent proxy DNS n'a pas pu lire la liste locale des serveurs de résolution de noms à partir du registre. La donnée est le code de l'erreur. Error - 16/04/2012 09:44:27 | Computer Name = SONATA | Source = ipnathlp | ID = 31008 Description = L'agent proxy DNS n'a pas pu lire la liste locale des serveurs de résolution de noms à partir du registre. La donnée est le code de l'erreur. Error - 16/04/2012 11:46:35 | Computer Name = SONATA | Source = Service Control Manager | ID = 7034 Description = Le service Spouleur d'impression s'est terminé de façon inattendue pour la 1ème fois. Error - 24/04/2012 04:49:26 | Computer Name = SONATA | Source = Service Control Manager | ID = 7031 Description = Le service Windows Search s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service. Error - 24/04/2012 04:50:10 | Computer Name = SONATA | Source = Service Control Manager | ID = 7031 Description = Le service Windows Search s'est terminé de manière inattendue. Ceci s'est produit 2 fois. L'action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service. Error - 24/04/2012 04:50:55 | Computer Name = SONATA | Source = Service Control Manager | ID = 7034 Description = Le service Windows Search s'est terminé de façon inattendue pour la 3ème fois. < End of report > --------------------------------------- Looking forward to hearing from you. Thanks, Dadoo
  13. Hello Bernard53, Thanks for your reply. Here is the RogueKiller report recovered after a Scan + Delete.
----------
RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: [RogueKiller] Remontées (1/49)
Blog: tigzy-RK
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: numelec [Droits d'admin]
Mode: Recherche -- Date: 23/04/2012 17:16:50
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Entrees de registre: 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver: [CHARGE] ¤¤¤
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (d347bus.sys @ 0xB7F8E818)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (d347bus.sys @ 0xB7F8E7D0)
SSDT[45] : NtCreatePagingFile @ 0x805AB9EE -> HOOKED (d347bus.sys @ 0xB7F82A20)
SSDT[71] : NtEnumerateKey @ 0x8062493C -> HOOKED (d347bus.sys @ 0xB7F832A8)
SSDT[73] : NtEnumerateValueKey @ 0x80624BA6 -> HOOKED (d347bus.sys @ 0xB7F8E910)
SSDT[119] : NtOpenKey @ 0x806254CE -> HOOKED (d347bus.sys @ 0xB7F8E794)
SSDT[160] : NtQueryKey @ 0x80625810 -> HOOKED (d347bus.sys @ 0xB7F832C8)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (d347bus.sys @ 0xB7F8E866)
SSDT[241] : NtSetSystemPowerState @ 0x80653E18 -> HOOKED (d347bus.sys @ 0xB7F8E0B0)
_INLINE_ : NtCreatePagingFile -> HOOKED (d347bus.sys @ 0xB7F965C4)
¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!
¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD753LJ +++++
--- User ---
[MBR] 83d21979f1bca489a7472afac19fe694
[bSP] 9ea93bfacf471b7fbb4d9d1055d1c197 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715394 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[8].txt >>
--------------
For ZHPDiag, the scan does not run to completion and crashes. Even after shutting down and restarting the computer: same problem. The error message is at this CJoint.com link: 0DxrSWWYD14
Thanks
Dadou
  14. Hello, I've been forgotten!!! : Virus Smart Fortress / ZeroAccess - Forums Zebulon.fr. Thanks in advance for your replies. Dadoo
  15. Hello everyone, Since the Livebox was replaced by a Freebox it has been impossible for me to reconnect my Canon LBP5050n network printer. Apparently all the local addresses were changed when the Freebox was set up. Can someone help me, please? Thanks, Dadoo