
Posted

Good evening :P

Following a virus infection, I disinfected my PC (OS: Windows Vista), but certain functions, notably the firewall, do not work, so I also ran ComboFix.

Would someone be able to analyze the report? Thanks in advance.

 

 

ComboFix 09-04-25.A3 - philippe 26/04/2009 22:21.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1036 [GMT 2:00]

Lancé depuis: c:\users\philippe\Downloads\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)

FW: Kaspersky Internet Security *disabled*

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\QUAD Utilities

c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll

c:\windows\patchw32.dll

c:\windows\system32\tmp.reg

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-26 au 2009-4-26 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-26 17:58 . 2009-04-26 17:58 0 ---ha-w C:\ntuser.dat.LOG2

2009-04-26 17:58 . 2009-04-26 17:58 0 ---ha-w C:\ntuser.dat.LOG1

2009-04-26 17:58 . 2009-04-26 17:58 0 ----a-w C:\ntuser.dat

2009-04-26 13:44 . 2009-04-26 13:56 89601 ----a-w c:\windows\system32\drivers\klick.dat

2009-04-26 13:44 . 2009-04-26 13:56 101287 ----a-w c:\windows\system32\drivers\klin.dat

2009-04-26 13:43 . 2009-04-26 20:20 491552 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-04-26 13:43 . 2009-04-26 20:20 4856 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-04-26 13:43 . 2009-04-26 13:53 -------- d-----w c:\users\All Users\Kaspersky Lab

2009-04-26 13:43 . 2009-04-26 13:53 -------- d-----w c:\programdata\Kaspersky Lab

2009-04-26 13:43 . 2009-04-26 13:43 -------- d-----w c:\program files\Kaspersky Lab

2009-04-26 08:25 . 2009-04-26 08:24 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys

2009-04-26 08:24 . 2009-04-26 11:13 -------- d-----w c:\users\philippe\.housecall6.6

2009-04-26 07:58 . 2009-04-26 07:59 -------- d-----w C:\FindyKill

2009-04-25 17:23 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-24 13:37 . 2009-04-24 13:37 -------- d-----w c:\users\All Users\Malwarebytes

2009-04-24 13:37 . 2009-04-24 13:37 -------- d-----w c:\programdata\Malwarebytes

2009-04-24 13:00 . 2009-04-24 13:00 -------- d-----w c:\program files\Zone Labs

2009-04-24 13:00 . 2009-04-24 13:00 -------- d-----w c:\users\All Users\CheckPoint

2009-04-24 13:00 . 2009-04-24 13:00 -------- d-----w c:\programdata\CheckPoint

2009-04-24 13:00 . 2009-04-24 19:32 -------- d-----w c:\users\philippe\{e7d0c725-69dd-4ed7-b2aa-55d10c5a6c6b}

2009-04-24 13:00 . 2009-04-24 13:01 -------- d-----w c:\windows\system32\ZoneLabs

2009-04-24 13:00 . 2003-10-16 13:11 70 ---ha-w c:\windows\system32\drivers\vsconfig.xml

2009-04-24 12:59 . 2009-04-24 18:03 -------- d-----w c:\windows\Internet Logs

2009-04-24 08:34 . 2009-04-24 08:34 -------- d-----w c:\users\All Users\is-BDUT7

2009-04-24 08:34 . 2009-04-24 08:34 -------- d-----w c:\programdata\is-BDUT7

2009-04-24 08:03 . 2009-04-26 13:41 -------- d-----w c:\program files\Spybot - Search & Destroy

2009-04-24 08:03 . 2009-04-26 13:40 -------- d-----w c:\users\All Users\Spybot - Search & Destroy

2009-04-24 08:03 . 2009-04-26 13:40 -------- d-----w c:\programdata\Spybot - Search & Destroy

2009-04-23 21:32 . 2009-04-23 21:32 -------- d-----w c:\program files\CCleaner

2009-04-23 17:14 . 2009-04-25 14:42 -------- d-----w c:\program files\trend micro

2009-04-23 16:28 . 2008-02-11 14:15 360448 ----a-w c:\windows\Uninstall.exe

2009-04-23 07:01 . 2009-04-23 07:01 -------- d--h--w c:\windows\PIF

2009-04-22 20:46 . 2009-04-22 20:46 -------- d-----r c:\users\philippe\Searches

2009-04-22 20:15 . 2009-04-26 13:51 986744 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-04-22 20:15 . 2009-04-26 13:51 84021280 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-04-22 20:05 . 2009-04-22 20:06 -------- d-----w C:\TEMP

2009-04-22 19:34 . 2009-04-22 19:34 -------- d-----w c:\users\All Users\Kaspersky Lab Setup Files

2009-04-22 19:34 . 2009-04-22 19:34 -------- d-----w c:\programdata\Kaspersky Lab Setup Files

2009-04-22 09:22 . 2009-04-22 15:32 8 ----a-w c:\windows\system32\VGANGMJYMWVPD.SYS

2009-04-20 14:41 . 2009-04-20 14:41 -------- d-----w c:\users\All Users\Apple Computer

2009-04-20 14:41 . 2009-04-20 14:41 -------- d-----w c:\programdata\Apple Computer

2009-04-20 14:39 . 2009-04-20 14:39 -------- d-----w c:\program files\Apple Software Update

2009-04-20 14:39 . 2009-04-20 14:39 -------- d-----w c:\users\All Users\Apple

2009-04-20 14:39 . 2009-04-20 14:39 -------- d-----w c:\programdata\Apple

2009-04-19 18:03 . 2006-11-02 05:21 319456 ----a-w c:\windows\system32\drivers\DIFxAPI.dll

2009-04-19 18:03 . 2009-04-23 16:28 -------- d-----w c:\program files\DevGuru

2009-04-13 10:13 . 2002-08-18 17:43 794624 ----a-w c:\windows\system32\spr32d35.dll

2009-04-08 07:38 . 2009-04-08 07:38 -------- d-----w c:\users\philippe\AppData\Local\Activision

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-26 20:08 . 2008-05-27 19:24 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5

2009-04-26 13:58 . 2008-01-21 08:40 672084 ----a-w c:\windows\System32\perfh00C.dat

2009-04-26 13:58 . 2008-01-21 08:40 124228 ----a-w c:\windows\System32\perfc00C.dat

2009-04-26 13:56 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-04-26 13:43 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat

2009-04-26 13:43 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat

2009-04-26 13:43 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat

2009-04-26 08:01 . 2009-04-25 09:36 3891 ----a-w C:\rapport.txt

2009-04-26 07:59 . 2009-04-23 16:58 1794 ----a-w C:\FindyKill.txt

2009-04-25 17:23 . 2009-04-24 13:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-25 16:56 . 2008-09-15 14:50 -------- d-----w c:\program files\Common Files\Sony Shared

2009-04-25 16:55 . 2009-03-11 18:13 -------- d-----w c:\program files\PyGrenouille

2009-04-25 14:30 . 2009-04-25 14:30 2031 ----a-w C:\TB.txt

2009-04-25 07:26 . 2009-04-25 07:26 -------- d-----w c:\programdata\is-3NBFB

2009-04-25 07:11 . 2009-04-25 07:11 -------- d-----w c:\programdata\is-RBL5H

2009-04-24 19:32 . 2008-06-07 21:30 -------- d-----w c:\programdata\FLEXnet

2009-04-24 18:52 . 2009-04-24 18:52 603904 ----a-w c:\windows\System32\TUProgSt.exe

2009-04-24 18:52 . 2009-04-24 18:52 360192 ----a-w c:\windows\System32\TuneUpDefragService.exe

2009-04-24 18:52 . 2009-04-24 18:52 -------- d-----w c:\program files\TuneUp Utilities 2009

2009-04-24 18:52 . 2008-08-22 17:17 -------- d-----w c:\programdata\TuneUp Software

2009-04-24 18:51 . 2009-04-24 18:51 -------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}

2009-04-24 13:37 . 2009-04-24 13:37 -------- d-----w c:\users\philippe\AppData\Roaming\Malwarebytes

2009-04-23 15:05 . 2008-05-27 17:50 -------- d-----w c:\program files\Common Files\Symantec Shared

2009-04-23 14:55 . 2009-03-16 12:43 -------- d-----w c:\program files\TallStick

2009-04-23 09:34 . 2008-06-09 15:14 -------- d-----w c:\program files\Java

2009-04-22 21:38 . 2008-05-27 18:08 -------- d-----w c:\program files\Google

2009-04-20 14:41 . 2008-05-27 18:09 -------- d-----w c:\program files\QuickTime

2009-04-17 06:40 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-17 06:37 . 2008-06-08 07:39 -------- d-----w c:\programdata\Microsoft Help

2009-04-13 10:05 . 2008-05-27 17:44 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-06 13:32 . 2009-04-25 17:23 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-18 09:27 . 2008-05-27 18:39 1539 ---ha-w C:\IPH.PH

2009-03-17 03:38 . 2009-04-17 05:48 40960 ----a-w c:\windows\AppPatch\apihex86.dll

2009-03-17 03:38 . 2009-04-17 05:48 13824 ----a-w c:\windows\System32\apilogen.dll

2009-03-17 03:38 . 2009-04-17 05:48 24064 ----a-w c:\windows\System32\amxread.dll

2009-03-16 10:29 . 2009-03-16 08:30 -------- d-----w c:\program files\M-Audio

2009-03-12 20:24 . 2009-03-12 15:27 -------- d-----w c:\program files\flatpick_guitar_solos

2009-03-12 17:55 . 2009-03-12 15:27 -------- d-----w c:\program files\Jazz_Guitar_Solos_Vol_1-4

2009-03-12 15:26 . 2009-03-12 15:26 -------- d-----w c:\program files\Roland

2009-03-12 15:26 . 2009-03-08 17:54 -------- d-----w c:\program files\PowerTracks DirectX Plugins

2009-03-09 10:18 . 2009-01-06 18:04 -------- d-----w c:\program files\Common Files\Adobe AIR

2009-03-09 03:19 . 2008-11-27 21:42 410984 ----a-w c:\windows\System32\deploytk.dll

2009-03-08 20:25 . 2008-05-27 12:09 121328 ----a-w c:\users\philippe\AppData\Local\GDIPFONTCACHEV1.DAT

2009-03-03 04:46 . 2009-04-17 05:48 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-17 05:48 3547632 ----a-w c:\windows\System32\ntoskrnl.exe

2009-03-03 04:40 . 2009-04-17 05:47 827392 ----a-w c:\windows\System32\wininet.dll

2009-03-03 04:39 . 2009-04-17 05:48 183296 ----a-w c:\windows\System32\sdohlp.dll

2009-03-03 04:39 . 2009-04-17 05:48 551424 ----a-w c:\windows\System32\rpcss.dll

2009-03-03 04:39 . 2009-04-17 05:48 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-17 05:47 78336 ----a-w c:\windows\System32\ieencode.dll

2009-03-03 04:37 . 2009-04-17 05:48 98304 ----a-w c:\windows\System32\iasrecst.dll

2009-03-03 04:37 . 2009-04-17 05:48 54784 ----a-w c:\windows\System32\iasads.dll

2009-03-03 04:37 . 2009-04-17 05:48 44032 ----a-w c:\windows\System32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-17 05:48 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-17 05:48 17408 ----a-w c:\windows\System32\iashost.exe

2009-03-03 02:28 . 2009-04-17 05:47 26624 ----a-w c:\windows\System32\ieUnatt.exe

2009-02-28 13:59 . 2008-06-15 07:18 -------- d-----w c:\program files\Microsoft Silverlight

2009-02-26 07:27 . 2008-10-02 08:01 92 ----a-w C:\ResumeOmgApDeliveryMgrCntrl_SonicStage_EmdDownloadObj.dmf

2009-02-13 08:49 . 2009-04-17 05:48 72704 ----a-w c:\windows\System32\secur32.dll

2009-02-13 08:49 . 2009-04-17 05:48 1255936 ----a-w c:\windows\System32\lsasrv.dll

2009-02-09 03:10 . 2009-03-11 10:15 2033152 ----a-w c:\windows\System32\win32k.sys

2008-11-21 20:46 . 2008-05-27 12:09 680 ----a-w c:\users\philippe\AppData\Local\d3d9caps.dat

2008-05-27 18:38 . 2008-05-27 18:38 278528 ----a-w c:\program files\Common Files\FDEUnInstaller.exe

2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-26 206088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"FilterAdministratorToken"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

"UacDisableNotify"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"Midi1"= ma_cmidn.dll

"midi2"= ma_cmidn.dll

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\philippe\AppData\Local\Google\Update\GoogleUpdate.exe" /c

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3490844800-2526622719-56122817-1000]

"EnableNotificationsRef"=dword:00000002

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{82BE34AE-4933-4343-81B7-4EE8287FD4D7}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{B9856AD5-A8AB-4E37-82C1-4E15590F2BCC}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{B3311827-7CF1-41E5-A02E-032FB9AFCBEE}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{38876953-9DFD-437C-BB63-8F11F26638F8}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{2EA4FE07-BB43-43E7-9D16-3D055F2F58A7}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{5D4179D0-D25D-4FD2-BF06-D96D367C2AA1}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"TCP Query User{0B0C29FD-A8B2-4C04-8456-379DD1140AD7}c:\\program files\\asus\\asusupdate\\update.exe"= UDP:c:\program files\asus\asusupdate\update.exe:ASUS Windows Platform Flash Program

"UDP Query User{9D32D68C-183E-42B0-A61E-0E7742514B7F}c:\\program files\\asus\\asusupdate\\update.exe"= TCP:c:\program files\asus\asusupdate\update.exe:ASUS Windows Platform Flash Program

"TCP Query User{6544B09D-3AEA-414B-8EAC-6D23F7168242}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule

"UDP Query User{AF660EAF-67E3-42AE-8AED-1C356AB8D9CC}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule

"{99F41F10-D73B-41E8-B3A1-17A2A31F1803}"= TCP:6004|f:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{D0F25985-0784-4A84-91A6-BCC81907A19F}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"UDP Query User{4227C1DA-55CC-4BC9-93C8-D4756B6DE925}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"TCP Query User{DE03BA7E-AA00-496C-BEA0-0034B8770933}e:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= UDP:e:\program files\autodesk\maya2008\bin\maya.exe:Maya

"UDP Query User{8826D73D-BE0E-4A2F-B8F8-0BDA18E417A5}e:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= TCP:e:\program files\autodesk\maya2008\bin\maya.exe:Maya

"{63E6EBC6-9835-4DFA-83C2-4D09D1436B2B}"= UDP:3703:Adobe Version Cue CS3 Server

"{A48C064C-48EA-41A9-A7FF-54F1C0CA9832}"= UDP:3704:Adobe Version Cue CS3 Server

"{8894FDD2-CDC7-45EC-8314-F78B1A0608DB}"= UDP:50900:Adobe Version Cue CS3 Server

"{AED4CAE2-686D-4424-9211-86C2AD93694E}"= UDP:50901:Adobe Version Cue CS3 Server

"{F76A0FAC-FFCD-4501-91BB-922F8DE184CE}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{287710EE-64FB-4E05-B888-C34103E4FAF2}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{BE415417-EDE2-4C9A-843A-52D6FB7369C2}"= UDP:f:\program files\Midway Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold

"{9FE68C3A-863D-4E1A-AB20-0D79EF87D32A}"= TCP:f:\program files\Midway Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold

"TCP Query User{CBA894AE-A108-4C22-BBA6-39927BA710A6}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox

"UDP Query User{D079768A-115B-4404-BC5F-637D434B856C}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox

"{673443E1-39F0-46FE-A9EA-B50F9095105E}"= TCP:5555:codename panzer phase two

"{45032685-B555-494E-BD27-3781F0AD8748}"= TCP:6500:codename panzer phase two

"TCP Query User{2B1089DC-8FCF-4676-A4AF-AF2F75419940}f:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:f:\program files\codemasters\dirt\dirt.exe:DiRT Executable

"UDP Query User{98E27576-A928-45B3-AC2E-3E115B9FCA36}f:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:f:\program files\codemasters\dirt\dirt.exe:DiRT Executable

"{AF463ACD-6268-42CE-936B-FBB74D726176}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL

"{9C700889-6942-4F0D-B61E-5FB6560EF5AC}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL

"{7AE4BC2D-FE44-49CA-9969-9FD3F6F7F2AD}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL

"{2EF49734-6393-49C9-9CC7-1B4449AFB9E1}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL

"{1F140278-CB35-4429-9994-41E10F3D50B6}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL

"{3B342FFF-3EF2-480E-B4F3-F5FEFFBE56C6}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL

"{069867E0-7C30-4182-A8C3-6445C5F4C08A}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL

"{F8DB3EB7-9BDA-47CA-818F-10FB87D01490}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL

"{6CC94736-CE83-46FD-8DA1-DDE3A0664BF3}"= UDP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game

"{A0FABE77-B27E-4700-9FFB-635E71F25FAE}"= TCP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game

"TCP Query User{4AF73285-82CB-445E-9BF2-3BD0C211AF50}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"UDP Query User{83B65AC8-0EBF-4DF3-82CF-0FBDF8BB7E47}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"TCP Query User{9E31C8C7-180C-451B-A604-C0C2EBB8666B}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule

"UDP Query User{EE29DF40-2F78-431D-8839-4EC9124B64FF}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule

"TCP Query User{8F9F8652-EEF4-4C8A-8E29-A9820FED763D}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox

"UDP Query User{562B984F-A933-4E92-AB04-25503C75FEA5}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox

"{02F9402E-C269-41AD-975E-F013080CD2B1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{BEFAB70F-EA41-4CD9-8D23-8FF6A57E2C78}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{B133BB5D-6B44-44EF-A86E-9B28B548E9D6}e:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= UDP:e:\program files\autodesk\maya2008\bin\maya.exe:Maya

"UDP Query User{8B62F8DA-6BAF-4919-9DF8-C86F987BB212}e:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= TCP:e:\program files\autodesk\maya2008\bin\maya.exe:Maya

"{D876AF7B-4098-4724-893B-DD73150ED637}"= UDP:g:\program files\POP\Prince of Persia.exe:Prince of Persia Dx

"{16B70872-E6BC-482D-B4D3-C3C87F5B7A87}"= TCP:g:\program files\POP\Prince of Persia.exe:Prince of Persia Dx

"{B2361C64-A920-494E-A669-A5204D82DE01}"= UDP:g:\program files\POP\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"{F62128CB-B23B-4B80-9401-3EEAA3DB3086}"= TCP:g:\program files\POP\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"{AF4FE98B-83F0-4E57-9846-6FA5F670D58F}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War

"{2D8BB0E7-DB1B-43E3-B52D-F0A4D921F956}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War

"{253DCC9D-D8FF-42A2-87FD-C425C54E3B51}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War

"{B8DD9EFB-B2DA-43AA-99BB-81EFA6E69C1E}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War

"{55502D65-4DA7-43B8-95FF-3D5AFF62E4F2}"= UDP:D:\eSKernel.exe:Bbox assistant d'installation

"{12048843-3BD1-47C8-89B1-97DCDBF363B4}"= TCP:D:\eSKernel.exe:Bbox assistant d'installation

"{19FBC3BC-6650-40E0-B77C-7CE2811E43B1}"= UDP:c:\program files\Bbox\eSKernel.exe:Bbox assistant d'installation

"{F257F989-B8A0-45B9-B961-AF538B98276A}"= TCP:c:\program files\Bbox\eSKernel.exe:Bbox assistant d'installation

"{821F4A91-E0A2-47A7-B2A6-407C972FFFA3}"= UDP:c:\program files\BboxUpdate\BTLiveUpdate.exe:Bbox - Bouygues Telecom - Utilitaire de mise à jour

"{84D9B540-3129-458D-8115-460882584CC8}"= TCP:c:\program files\BboxUpdate\BTLiveUpdate.exe:Bbox - Bouygues Telecom - Utilitaire de mise à jour

"{B05C4E34-4947-4EFC-B92A-6C6D7B8DEDE3}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War

"{9DBF6F08-053B-4B3C-A68B-AF682B8DE46E}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War

"{7216C4D1-8372-49E7-B138-034ABFBE8786}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War

"{CF08E275-8933-4B29-AD93-FA7C71133FA9}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

 

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; [x]

R2 aqadmin32;Advanced Queue Admin DLL; [x]

R3 alcan5ln;SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]

R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 29744]

R3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]

R3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]

R3 utqwmja3;AVZ Kernel Driver; [x]

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-26 33808]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]

S2 eStantLaunchService;BboxUpdate;c:\program files\BboxUpdate\eSRunService.exe [2008-04-29 20480]

S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-24 603904]

S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-15 552448]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - AUJASNKJ

*NewlyCreated* - KL1

*NewlyCreated* - KLBG

*Deregistered* - aujasnkj

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{024c2344-34cb-11dd-b6c7-00038a000015}]

\shell\AutoRun\command - H:\CDStart.exe introduction.htm

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54bcf6ab-1cd9-11de-a2a3-001e8c3d4f2e}]

\shell\AutoRun\command - K:\CDStart.exe introduction.htm

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d231a166-300b-11dd-95b8-806e6f6e6963}]

\shell\AutoRun\command - D:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dab16944-f9e1-11dd-91d7-001e8c3d4f2e}]

\shell\AutoRun\command - I:\CDStart.exe introduction.htm

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contenu du dossier 'Tâches planifiées'

 

2009-04-26 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-08-22 09:08]

 

2009-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3490844800-2526622719-56122817-1000.job

- c:\users\philippe\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 12:49]

 

2009-04-26 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:04]

 

2009-04-26 c:\windows\Tasks\User_Feed_Synchronization-{7BFAD933-86D6-4534-A14F-D0AE62CDD42C}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html

IE: Ajouter au fichier PDF existant - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir en Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la cible du lien en Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la cible du lien en un fichier PDF existant - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir la sélection en Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la sélection en un fichier PDF existant - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir les liens sélectionnés en fichier Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convertir les liens sélectionnés en un fichier PDF existant - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xporter vers Microsoft Excel - f:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Transfert par Image Converter 3 - c:\program files\SONY\IMAGE CONVERTER 3\menu.htm

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

FF - ProfilePath - c:\users\philippe\AppData\Roaming\Mozilla\Firefox\Profiles\vjys05xg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?referrer=ign_n&refresh=1

FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll

FF - component: c:\users\philippe\AppData\Roaming\Mozilla\Firefox\Profiles\vjys05xg.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll

FF - component: c:\users\philippe\AppData\Roaming\Mozilla\Firefox\Profiles\vjys05xg.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll

FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npriff.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\users\philippe\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: f:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-26 22:24

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

Heure de fin: 2009-04-26 22:25

ComboFix-quarantined-files.txt 2009-04-26 20:25

 

Avant-CF: 73 408 090 112 octets libres

Après-CF: 74 028 691 456 octets libres

 

356 --- E O F --- 2009-04-23 20:59

Posted

Hello

Bagle has destroyed your protections.

You must uninstall and reinstall everything.

This tool is designed to treat infections of the "Lop, Cid, Trojan Swizzor" type; it may flag legitimate files/folders!

Disable resident protections (antivirus, etc.); you will re-enable them afterwards.

If you use Spybot:

To disable TeaTimer, which serves no purpose and can cause a disinfection to fail:

First display Advanced Mode in Spybot

-> Advanced Options:

-> Mode menu, Advanced Mode.

A column of menus appears on the left side:

-> click Tools,

-> click Resident,

In Resident:

-> uncheck Resident "TeaTimer" to disable it.

Download Lop S&D by Eric71 to the desktop,

* Double-click it to start the installation

* Then double-click the Lop S&D shortcut on the desktop

* Select the desired language, then choose Option 1: Recherche (Search)

* If it hangs at startup:

Start / Run / cmd

Copy/paste into the window: del /Q "%systemdrive%\Lop SD\osv.exe" & "%systemdrive%\Lop SD\lopsd.cmd"

and press Enter; it should launch on its own.

* Wait until the scan finishes

* Post the generated report (C:\lopR.txt)

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)

Run Lop S&D again

* Choose Option 2: Suppression (Removal)

* Do not close the window during removal!

* Post the generated report (C:\lopR.txt)

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)

Posted (edited)

The report follows; thank you for your help

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

 

"C:\Users\philippe" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 27/04/2009|20:45 )

 

[ UAC => 0 ]

 

--------------------\\

 

[26/04/2009|13:13] \.housecall6.6

[24/04/2009|21:32] \{e7d0c725-69dd-4ed7-b2aa-55d10c5a6c6b}

[26/04/2009|22:15] \AppData

[27/05/2008|14:09] \Application Data

[27/05/2008|14:09] \Contacts

[27/05/2008|14:09] \Cookies

[27/04/2009|20:43] \desktop

[27/04/2009|15:18] \Documents

[27/04/2009|20:43] \Downloads

[05/10/2008|14:08] \dwhelper

[27/04/2009|00:40] \Favorites

[27/05/2008|14:09] \Links

[27/05/2008|14:09] \Local Settings

[27/05/2008|14:09] \Menu Démarrer

[27/05/2008|14:09] \Mes documents

[27/05/2008|14:09] \Modèles

[08/03/2009|20:15] \Music

[27/04/2009|20:45] \ntuser.dat

[27/04/2009|20:45] \ntuser.dat.LOG1

[27/05/2008|14:09] \ntuser.dat.LOG2

[07/11/2008|18:20] \ntuser.dat_previous

[07/11/2008|18:17] \NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[07/11/2008|18:17] \NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[27/05/2008|14:13] \NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms

[24/04/2009|20:24] \NTUSER.DAT{59f55454-ace6-11dd-a78b-00038a000015}.TM.blf

[24/04/2009|20:24] \NTUSER.DAT{59f55454-ace6-11dd-a78b-00038a000015}.TMContainer00000000000000000001.regtrans-ms

[07/11/2008|18:21] \NTUSER.DAT{59f55454-ace6-11dd-a78b-00038a000015}.TMContainer00000000000000000002.regtrans-ms

[27/04/2009|19:29] \ntuser.dat{692e58dd-3348-11de-8b69-001e8c3d4f2e}.TM.blf

[27/04/2009|19:29] \ntuser.dat{692e58dd-3348-11de-8b69-001e8c3d4f2e}.TMContainer00000000000000000001.regtrans-ms

[27/04/2009|18:42] \ntuser.dat{692e58dd-3348-11de-8b69-001e8c3d4f2e}.TMContainer00000000000000000002.regtrans-ms

[26/04/2009|07:09] \ntuser.dat{72c48050-30fe-11de-8f50-0015af50764e}.TM.blf

[26/04/2009|07:09] \ntuser.dat{72c48050-30fe-11de-8f50-0015af50764e}.TMContainer00000000000000000001.regtrans-ms

[24/04/2009|21:09] \ntuser.dat{72c48050-30fe-11de-8f50-0015af50764e}.TMContainer00000000000000000002.regtrans-ms

[27/04/2009|18:21] \ntuser.dat{c34fe350-31bf-11de-b604-001e8c3d4f2e}.TM.blf

[27/04/2009|18:21] \ntuser.dat{c34fe350-31bf-11de-b604-001e8c3d4f2e}.TMContainer00000000000000000001.regtrans-ms

[26/04/2009|07:25] \ntuser.dat{c34fe350-31bf-11de-b604-001e8c3d4f2e}.TMContainer00000000000000000002.regtrans-ms

[27/05/2008|14:09] \ntuser.ini

[27/04/2009|20:45] \paths.bat

[26/04/2009|20:56] \Pictures

[27/05/2008|14:09] \Recent

[28/05/2008|22:45] \Saved Games

[22/04/2009|22:46] \Searches

[27/05/2008|14:09] \SendTo

[27/06/2008|22:38] \TaoUSign

[22/09/2008|13:43] \Videos

[27/05/2008|14:09] \Voisinage d'impression

[27/05/2008|14:09] \Voisinage réseau

 

--------------------\\

 

[26/04/2009 22:29][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3490844800-2526622719-56122817-1000.job

[27/04/2009 20:37][--a------] C:\Windows\tasks\GlaryInitialize.job

[27/04/2009 20:37][--a------] C:\Windows\tasks\Maintenance en 1 clic.job

[27/04/2009 18:31][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{7BFAD933-86D6-4534-A14F-D0AE62CDD42C}.job

[27/04/2009 20:37][--ah-----] C:\Windows\tasks\SA.DAT

[27/04/2009 18:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\

 

[24/04/2009|20:51] C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}

[06/01/2009|20:04] C:\ProgramData\Adobe

[30/05/2008|16:00] C:\ProgramData\Ahead

[13/06/2008|20:58] C:\ProgramData\ALM

[06/01/2009|11:08] C:\ProgramData\AOL

[21/06/2008|19:04] C:\ProgramData\AOL Downloads

[20/04/2009|16:39] C:\ProgramData\Apple

[20/04/2009|16:41] C:\ProgramData\Apple Computer

[02/11/2006|15:02] C:\ProgramData\Application Data

[27/05/2008|14:08] C:\ProgramData\Bureau

[24/04/2009|15:00] C:\ProgramData\CheckPoint

[02/11/2006|15:02] C:\ProgramData\Desktop

[02/11/2006|15:02] C:\ProgramData\Documents

[25/08/2008|21:12] C:\ProgramData\eMule

[27/05/2008|14:08] C:\ProgramData\Favoris

[02/11/2006|15:02] C:\ProgramData\Favorites

[27/04/2009|19:27] C:\ProgramData\FLEXnet

[22/04/2009|23:37] C:\ProgramData\Google

[08/06/2008|17:31] C:\ProgramData\Installations

[27/05/2008|20:06] C:\ProgramData\InstallShield

[25/04/2009|09:26] C:\ProgramData\is-3NBFB

[24/04/2009|10:34] C:\ProgramData\is-BDUT7

[25/04/2009|09:11] C:\ProgramData\is-RBL5H

[27/04/2009|20:38] C:\ProgramData\Kaspersky Lab

[22/04/2009|21:34] C:\ProgramData\Kaspersky Lab Setup Files

[30/05/2008|19:34] C:\ProgramData\LightScribe

[24/04/2009|15:37] C:\ProgramData\Malwarebytes

[26/12/2008|14:58] C:\ProgramData\Media Center Programs

[27/05/2008|14:08] C:\ProgramData\Menu Démarrer

[05/09/2008|21:40] C:\ProgramData\Microsoft

[17/04/2009|08:37] C:\ProgramData\Microsoft Help

[27/05/2008|14:08] C:\ProgramData\Modèles

[30/05/2008|15:57] C:\ProgramData\Nero

[08/11/2008|20:53] C:\ProgramData\ntuser.pol

[21/11/2008|22:53] C:\ProgramData\NVIDIA

[08/06/2008|17:35] C:\ProgramData\PC Suite

[27/05/2008|19:45] C:\ProgramData\SonicFocus

[02/10/2008|09:59] C:\ProgramData\Sony Corporation

[26/04/2009|15:40] C:\ProgramData\Spybot - Search & Destroy

[02/11/2006|15:02] C:\ProgramData\Start Menu

[05/09/2008|21:40] C:\ProgramData\Symantec

[02/11/2006|15:02] C:\ProgramData\Templates

[26/12/2008|15:04] C:\ProgramData\THQ

[24/04/2009|20:52] C:\ProgramData\TuneUp Software

[29/05/2008|19:38] C:\ProgramData\Ubisoft

[27/05/2008|20:42] C:\ProgramData\Viewpoint

 

--------------------\\

 

[24/08/2008|17:49] C:\Program Files\Adobe

[21/11/2008|22:50] C:\Program Files\AGEIA Technologies

[17/06/2008|22:03] C:\Program Files\Alias

[26/08/2008|14:31] C:\Program Files\Alwil Software

[24/10/2008|20:02] C:\Program Files\AmazingMIDI

[27/05/2008|19:45] C:\Program Files\Analog Devices

[21/06/2008|19:04] C:\Program Files\AOL

[20/04/2009|16:39] C:\Program Files\Apple Software Update

[12/06/2008|20:58] C:\Program Files\ASUS

[06/01/2009|11:34] C:\Program Files\Bbox

[06/01/2009|11:34] C:\Program Files\BboxUpdate

[13/06/2008|20:49] C:\Program Files\Bonjour

[06/01/2009|20:04] C:\Program Files\Bouygues Telecom Mes services en un clic

[23/04/2009|23:32] C:\Program Files\CCleaner

[26/04/2009|22:22] C:\Program Files\Common Files

[27/05/2008|19:45] C:\Program Files\Creative

[07/06/2008|21:51] C:\Program Files\DAEMON Tools Lite

[23/04/2009|18:28] C:\Program Files\DevGuru

[08/06/2008|17:33] C:\Program Files\DIFX

[27/05/2008|20:01] C:\Program Files\Express Gate

[25/12/2008|02:09] C:\Program Files\Fender Musical Instruments

[07/06/2008|23:54] C:\Program Files\ffdshow

[12/03/2009|22:24] C:\Program Files\flatpick_guitar_solos

[22/08/2008|19:27] C:\Program Files\Glary Utilities

[13/06/2008|16:47] C:\Program Files\GLOBEtrotter Software Inc

[22/04/2009|23:38] C:\Program Files\Google

[13/04/2009|12:05] C:\Program Files\InstallShield Installation Information

[27/05/2008|19:37] C:\Program Files\Intel

[17/04/2009|08:40] C:\Program Files\Internet Explorer

[27/04/2009|00:40] C:\Program Files\IObit

[24/12/2008|22:50] C:\Program Files\JAMMER SongMaker 5

[23/04/2009|11:34] C:\Program Files\Java

[12/03/2009|19:55] C:\Program Files\Jazz_Guitar_Solos_Vol_1-4

[26/04/2009|15:43] C:\Program Files\Kaspersky Lab

[27/05/2008|20:42] C:\Program Files\Learn2.com

[25/04/2009|19:23] C:\Program Files\Malwarebytes' Anti-Malware

[27/05/2008|20:01] C:\Program Files\Marvell

[16/03/2009|12:29] C:\Program Files\M-Audio

[02/11/2006|14:37] C:\Program Files\Microsoft Games

[28/02/2009|15:59] C:\Program Files\Microsoft Silverlight

[08/06/2008|09:42] C:\Program Files\Microsoft Visual Studio

[06/01/2009|11:15] C:\Program Files\Microsoft Visual Studio 8

[08/06/2008|09:42] C:\Program Files\Microsoft Works

[08/06/2008|09:42] C:\Program Files\Microsoft.NET

[21/01/2008|04:35] C:\Program Files\Movie Maker

[22/08/2008|19:27] C:\Program Files\Mozilla Firefox

[27/04/2009|20:40] C:\Program Files\Mozilla Firefox 3 Beta 5

[06/01/2009|11:15] C:\Program Files\MP3 WAV Converter

[08/06/2008|09:42] C:\Program Files\MSBuild

[30/05/2008|15:57] C:\Program Files\Nero

[08/06/2008|17:33] C:\Program Files\PC Connectivity Solution

[25/12/2008|20:48] C:\Program Files\Power Tab Software

[12/03/2009|17:26] C:\Program Files\PowerTracks DirectX Plugins

[27/04/2009|19:27] C:\Program Files\PyGrenouille

[20/04/2009|16:41] C:\Program Files\QuickTime

[27/05/2008|20:09] C:\Program Files\Real

[27/05/2008|18:58] C:\Program Files\Realtek

[02/11/2006|14:37] C:\Program Files\Reference Assemblies

[08/06/2008|10:25] C:\Program Files\Ressources Windows Mobile

[12/03/2009|17:26] C:\Program Files\Roland

[20/12/2008|22:51] C:\Program Files\Sibelius Software

[15/09/2008|16:54] C:\Program Files\Sony

[26/04/2009|15:41] C:\Program Files\Spybot - Search & Destroy

[23/04/2009|16:55] C:\Program Files\TallStick

[06/01/2009|11:19] C:\Program Files\Techcity

[15/01/2009|23:12] C:\Program Files\The KMPlayer FR

[02/06/2008|23:14] C:\Program Files\Tomb Raider - Anniversary

[25/04/2009|16:42] C:\Program Files\trend micro

[24/04/2009|20:52] C:\Program Files\TuneUp Utilities 2009

[29/05/2008|19:29] C:\Program Files\Ubisoft

[27/04/2009|19:27] C:\Program Files\Unlocker

[27/05/2008|20:42] C:\Program Files\Viewpoint

[21/01/2008|04:35] C:\Program Files\Windows Calendar

[21/01/2008|04:35] C:\Program Files\Windows Collaboration

[21/01/2008|04:35] C:\Program Files\Windows Defender

[27/04/2009|19:27] C:\Program Files\Windows Journal

[17/04/2009|08:40] C:\Program Files\Windows Mail

[12/03/2009|08:07] C:\Program Files\Windows Media Player

[06/01/2009|11:15] C:\Program Files\Windows NT

[21/01/2008|04:35] C:\Program Files\Windows Photo Gallery

[06/01/2009|11:15] C:\Program Files\Windows Sidebar

 

--------------------\\

 

[06/01/2009|11:15] C:\Program Files\Common Files\Adobe

[09/03/2009|12:18] C:\Program Files\Common Files\Adobe AIR

[30/05/2008|15:59] C:\Program Files\Common Files\Ahead

[13/06/2008|16:42] C:\Program Files\Common Files\Alias Shared

[06/01/2009|11:15] C:\Program Files\Common Files\AOL

[27/05/2008|20:42] C:\Program Files\Common Files\aolback

[13/06/2008|16:42] C:\Program Files\Common Files\Autodesk Shared

[13/06/2008|21:00] C:\Program Files\Common Files\Control Panels

[08/06/2008|09:42] C:\Program Files\Common Files\DESIGNER

[13/06/2008|16:41] C:\Program Files\Common Files\InstallShield

[09/06/2008|17:11] C:\Program Files\Common Files\Java

[30/05/2008|16:02] C:\Program Files\Common Files\LightScribe

[13/06/2008|20:46] C:\Program Files\Common Files\Macrovision Shared

[06/01/2009|11:15] C:\Program Files\Common Files\microsoft shared

[27/05/2008|20:41] C:\Program Files\Common Files\Nullsoft

[27/05/2008|20:09] C:\Program Files\Common Files\Real

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[25/04/2009|18:56] C:\Program Files\Common Files\Sony Shared

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[23/04/2009|17:05] C:\Program Files\Common Files\Symantec Shared

[08/06/2008|09:40] C:\Program Files\Common Files\System

[27/05/2008|20:07] C:\Program Files\Common Files\Ulead

[21/11/2008|22:50] C:\Program Files\Common Files\Wise Installation Wizard

[27/05/2008|20:09] C:\Program Files\Common Files\xing shared

 

--------------------\\ Process

 

... OK !

 

--------------------\\

 

Commande ECHO désactivée.

 

--------------------\\

 

Commande ECHO désactivée.

 

--------------------\\

 

..... OK !

 

--------------------\\

 

Commande ECHO désactivée.

 

 

--------------------\\

 

 

--------------------\\

 

Commande ECHO désactivée.

 

[F:11][D:8]-> C:\Users\philippe\AppData\Local\Temp

[F:3][D:4]-> C:\$Recycle.Bin

 

1 - "C:\Users\philippe\LopR_1.txt" - 27/04/2009|20:45 - Option : [1]

Edited by filipic
Posted (edited)

Report after disinfection

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

 

"C:\Users\philippe" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 27/04/2009|21:41 )

 

[ UAC => 1 ]

 

--------------------\\

 

[26/04/2009|13:13] \.housecall6.6

[24/04/2009|21:32] \{e7d0c725-69dd-4ed7-b2aa-55d10c5a6c6b}

[26/04/2009|22:15] \AppData

[27/05/2008|14:09] \Application Data

[27/05/2008|14:09] \Contacts

[27/05/2008|14:09] \Cookies

[27/04/2009|20:43] \desktop

[27/04/2009|15:18] \Documents

[27/04/2009|20:43] \Downloads

[05/10/2008|14:08] \dwhelper

[27/04/2009|00:40] \Favorites

[27/05/2008|14:09] \Links

[27/05/2008|14:09] \Local Settings

[27/04/2009|20:45] \LopR_1.txt

[27/05/2008|14:09] \Menu Démarrer

[27/05/2008|14:09] \Mes documents

[27/05/2008|14:09] \Modèles

[08/03/2009|20:15] \Music

[27/04/2009|21:41] \ntuser.dat

[27/04/2009|21:41] \ntuser.dat.LOG1

[27/05/2008|14:09] \ntuser.dat.LOG2

[07/11/2008|18:20] \ntuser.dat_previous

[07/11/2008|18:17] \NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[07/11/2008|18:17] \NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[27/05/2008|14:13] \NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms

[24/04/2009|20:24] \NTUSER.DAT{59f55454-ace6-11dd-a78b-00038a000015}.TM.blf

[24/04/2009|20:24] \NTUSER.DAT{59f55454-ace6-11dd-a78b-00038a000015}.TMContainer00000000000000000001.regtrans-ms

[07/11/2008|18:21] \NTUSER.DAT{59f55454-ace6-11dd-a78b-00038a000015}.TMContainer00000000000000000002.regtrans-ms

[27/04/2009|19:29] \ntuser.dat{692e58dd-3348-11de-8b69-001e8c3d4f2e}.TM.blf

[27/04/2009|19:29] \ntuser.dat{692e58dd-3348-11de-8b69-001e8c3d4f2e}.TMContainer00000000000000000001.regtrans-ms

[27/04/2009|18:42] \ntuser.dat{692e58dd-3348-11de-8b69-001e8c3d4f2e}.TMContainer00000000000000000002.regtrans-ms

[26/04/2009|07:09] \ntuser.dat{72c48050-30fe-11de-8f50-0015af50764e}.TM.blf

[26/04/2009|07:09] \ntuser.dat{72c48050-30fe-11de-8f50-0015af50764e}.TMContainer00000000000000000001.regtrans-ms

[24/04/2009|21:09] \ntuser.dat{72c48050-30fe-11de-8f50-0015af50764e}.TMContainer00000000000000000002.regtrans-ms

[27/04/2009|18:21] \ntuser.dat{c34fe350-31bf-11de-b604-001e8c3d4f2e}.TM.blf

[27/04/2009|18:21] \ntuser.dat{c34fe350-31bf-11de-b604-001e8c3d4f2e}.TMContainer00000000000000000001.regtrans-ms

[26/04/2009|07:25] \ntuser.dat{c34fe350-31bf-11de-b604-001e8c3d4f2e}.TMContainer00000000000000000002.regtrans-ms

[27/05/2008|14:09] \ntuser.ini

[27/04/2009|21:41] \paths.bat

[26/04/2009|20:56] \Pictures

[27/05/2008|14:09] \Recent

[27/04/2009|20:45] \RunTool.txt

[28/05/2008|22:45] \Saved Games

[22/04/2009|22:46] \Searches

[27/05/2008|14:09] \SendTo

[27/06/2008|22:38] \TaoUSign

[27/04/2009|20:45] \task.txt

[22/09/2008|13:43] \Videos

[27/05/2008|14:09] \Voisinage d'impression

[27/05/2008|14:09] \Voisinage réseau

 

--------------------\\

 

[27/04/2009 21:13][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3490844800-2526622719-56122817-1000.job

[27/04/2009 20:37][--a------] C:\Windows\tasks\GlaryInitialize.job

[27/04/2009 21:00][--a------] C:\Windows\tasks\Maintenance en 1 clic.job

[27/04/2009 18:31][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{7BFAD933-86D6-4534-A14F-D0AE62CDD42C}.job

[27/04/2009 20:37][--ah-----] C:\Windows\tasks\SA.DAT

[27/04/2009 18:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\

 

[24/04/2009|20:51] C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}

[06/01/2009|20:04] C:\ProgramData\Adobe

[30/05/2008|16:00] C:\ProgramData\Ahead

[13/06/2008|20:58] C:\ProgramData\ALM

[06/01/2009|11:08] C:\ProgramData\AOL

[21/06/2008|19:04] C:\ProgramData\AOL Downloads

[20/04/2009|16:39] C:\ProgramData\Apple

[20/04/2009|16:41] C:\ProgramData\Apple Computer

[02/11/2006|15:02] C:\ProgramData\Application Data

[27/05/2008|14:08] C:\ProgramData\Bureau

[24/04/2009|15:00] C:\ProgramData\CheckPoint

[02/11/2006|15:02] C:\ProgramData\Desktop

[02/11/2006|15:02] C:\ProgramData\Documents

[25/08/2008|21:12] C:\ProgramData\eMule

[27/05/2008|14:08] C:\ProgramData\Favoris

[02/11/2006|15:02] C:\ProgramData\Favorites

[27/04/2009|19:27] C:\ProgramData\FLEXnet

[22/04/2009|23:37] C:\ProgramData\Google

[08/06/2008|17:31] C:\ProgramData\Installations

[27/05/2008|20:06] C:\ProgramData\InstallShield

[25/04/2009|09:26] C:\ProgramData\is-3NBFB

[24/04/2009|10:34] C:\ProgramData\is-BDUT7

[25/04/2009|09:11] C:\ProgramData\is-RBL5H

[27/04/2009|20:38] C:\ProgramData\Kaspersky Lab

[22/04/2009|21:34] C:\ProgramData\Kaspersky Lab Setup Files

[30/05/2008|19:34] C:\ProgramData\LightScribe

[24/04/2009|15:37] C:\ProgramData\Malwarebytes

[26/12/2008|14:58] C:\ProgramData\Media Center Programs

[27/05/2008|14:08] C:\ProgramData\Menu Démarrer

[05/09/2008|21:40] C:\ProgramData\Microsoft

[17/04/2009|08:37] C:\ProgramData\Microsoft Help

[27/05/2008|14:08] C:\ProgramData\Modèles

[30/05/2008|15:57] C:\ProgramData\Nero

[08/11/2008|20:53] C:\ProgramData\ntuser.pol

[21/11/2008|22:53] C:\ProgramData\NVIDIA

[08/06/2008|17:35] C:\ProgramData\PC Suite

[27/05/2008|19:45] C:\ProgramData\SonicFocus

[02/10/2008|09:59] C:\ProgramData\Sony Corporation

[26/04/2009|15:40] C:\ProgramData\Spybot - Search & Destroy

[02/11/2006|15:02] C:\ProgramData\Start Menu

[05/09/2008|21:40] C:\ProgramData\Symantec

[02/11/2006|15:02] C:\ProgramData\Templates

[26/12/2008|15:04] C:\ProgramData\THQ

[24/04/2009|20:52] C:\ProgramData\TuneUp Software

[29/05/2008|19:38] C:\ProgramData\Ubisoft

[27/05/2008|20:42] C:\ProgramData\Viewpoint

 

--------------------\\

 

[24/08/2008|17:49] C:\Program Files\Adobe

[21/11/2008|22:50] C:\Program Files\AGEIA Technologies

[17/06/2008|22:03] C:\Program Files\Alias

[26/08/2008|14:31] C:\Program Files\Alwil Software

[24/10/2008|20:02] C:\Program Files\AmazingMIDI

[27/05/2008|19:45] C:\Program Files\Analog Devices

[21/06/2008|19:04] C:\Program Files\AOL

[20/04/2009|16:39] C:\Program Files\Apple Software Update

[12/06/2008|20:58] C:\Program Files\ASUS

[06/01/2009|11:34] C:\Program Files\Bbox

[06/01/2009|11:34] C:\Program Files\BboxUpdate

[13/06/2008|20:49] C:\Program Files\Bonjour

[06/01/2009|20:04] C:\Program Files\Bouygues Telecom Mes services en un clic

[23/04/2009|23:32] C:\Program Files\CCleaner

[26/04/2009|22:22] C:\Program Files\Common Files

[27/05/2008|19:45] C:\Program Files\Creative

[07/06/2008|21:51] C:\Program Files\DAEMON Tools Lite

[23/04/2009|18:28] C:\Program Files\DevGuru

[08/06/2008|17:33] C:\Program Files\DIFX

[27/05/2008|20:01] C:\Program Files\Express Gate

[25/12/2008|02:09] C:\Program Files\Fender Musical Instruments

[07/06/2008|23:54] C:\Program Files\ffdshow

[12/03/2009|22:24] C:\Program Files\flatpick_guitar_solos

[22/08/2008|19:27] C:\Program Files\Glary Utilities

[13/06/2008|16:47] C:\Program Files\GLOBEtrotter Software Inc

[22/04/2009|23:38] C:\Program Files\Google

[13/04/2009|12:05] C:\Program Files\InstallShield Installation Information

[27/05/2008|19:37] C:\Program Files\Intel

[17/04/2009|08:40] C:\Program Files\Internet Explorer

[27/04/2009|00:40] C:\Program Files\IObit

[24/12/2008|22:50] C:\Program Files\JAMMER SongMaker 5

[23/04/2009|11:34] C:\Program Files\Java

[12/03/2009|19:55] C:\Program Files\Jazz_Guitar_Solos_Vol_1-4

[26/04/2009|15:43] C:\Program Files\Kaspersky Lab

[27/05/2008|20:42] C:\Program Files\Learn2.com

[25/04/2009|19:23] C:\Program Files\Malwarebytes' Anti-Malware

[27/05/2008|20:01] C:\Program Files\Marvell

[16/03/2009|12:29] C:\Program Files\M-Audio

[02/11/2006|14:37] C:\Program Files\Microsoft Games

[28/02/2009|15:59] C:\Program Files\Microsoft Silverlight

[08/06/2008|09:42] C:\Program Files\Microsoft Visual Studio

[06/01/2009|11:15] C:\Program Files\Microsoft Visual Studio 8

[08/06/2008|09:42] C:\Program Files\Microsoft Works

[08/06/2008|09:42] C:\Program Files\Microsoft.NET

[21/01/2008|04:35] C:\Program Files\Movie Maker

[22/08/2008|19:27] C:\Program Files\Mozilla Firefox

[27/04/2009|20:40] C:\Program Files\Mozilla Firefox 3 Beta 5

[06/01/2009|11:15] C:\Program Files\MP3 WAV Converter

[08/06/2008|09:42] C:\Program Files\MSBuild

[30/05/2008|15:57] C:\Program Files\Nero

[08/06/2008|17:33] C:\Program Files\PC Connectivity Solution

[25/12/2008|20:48] C:\Program Files\Power Tab Software

[12/03/2009|17:26] C:\Program Files\PowerTracks DirectX Plugins

[27/04/2009|19:27] C:\Program Files\PyGrenouille

[20/04/2009|16:41] C:\Program Files\QuickTime

[27/05/2008|20:09] C:\Program Files\Real

[27/05/2008|18:58] C:\Program Files\Realtek

[02/11/2006|14:37] C:\Program Files\Reference Assemblies

[08/06/2008|10:25] C:\Program Files\Ressources Windows Mobile

[12/03/2009|17:26] C:\Program Files\Roland

[20/12/2008|22:51] C:\Program Files\Sibelius Software

[15/09/2008|16:54] C:\Program Files\Sony

[26/04/2009|15:41] C:\Program Files\Spybot - Search & Destroy

[23/04/2009|16:55] C:\Program Files\TallStick

[06/01/2009|11:19] C:\Program Files\Techcity

[15/01/2009|23:12] C:\Program Files\The KMPlayer FR

[02/06/2008|23:14] C:\Program Files\Tomb Raider - Anniversary

[25/04/2009|16:42] C:\Program Files\trend micro

[24/04/2009|20:52] C:\Program Files\TuneUp Utilities 2009

[29/05/2008|19:29] C:\Program Files\Ubisoft

[27/04/2009|19:27] C:\Program Files\Unlocker

[27/05/2008|20:42] C:\Program Files\Viewpoint

[21/01/2008|04:35] C:\Program Files\Windows Calendar

[21/01/2008|04:35] C:\Program Files\Windows Collaboration

[21/01/2008|04:35] C:\Program Files\Windows Defender

[27/04/2009|19:27] C:\Program Files\Windows Journal

[17/04/2009|08:40] C:\Program Files\Windows Mail

[12/03/2009|08:07] C:\Program Files\Windows Media Player

[06/01/2009|11:15] C:\Program Files\Windows NT

[21/01/2008|04:35] C:\Program Files\Windows Photo Gallery

[06/01/2009|11:15] C:\Program Files\Windows Sidebar

 

--------------------\\

 

[06/01/2009|11:15] C:\Program Files\Common Files\Adobe

[09/03/2009|12:18] C:\Program Files\Common Files\Adobe AIR

[30/05/2008|15:59] C:\Program Files\Common Files\Ahead

[13/06/2008|16:42] C:\Program Files\Common Files\Alias Shared

[06/01/2009|11:15] C:\Program Files\Common Files\AOL

[27/05/2008|20:42] C:\Program Files\Common Files\aolback

[13/06/2008|16:42] C:\Program Files\Common Files\Autodesk Shared

[13/06/2008|21:00] C:\Program Files\Common Files\Control Panels

[08/06/2008|09:42] C:\Program Files\Common Files\DESIGNER

[13/06/2008|16:41] C:\Program Files\Common Files\InstallShield

[09/06/2008|17:11] C:\Program Files\Common Files\Java

[30/05/2008|16:02] C:\Program Files\Common Files\LightScribe

[13/06/2008|20:46] C:\Program Files\Common Files\Macrovision Shared

[06/01/2009|11:15] C:\Program Files\Common Files\microsoft shared

[27/05/2008|20:41] C:\Program Files\Common Files\Nullsoft

[27/05/2008|20:09] C:\Program Files\Common Files\Real

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[25/04/2009|18:56] C:\Program Files\Common Files\Sony Shared

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[23/04/2009|17:05] C:\Program Files\Common Files\Symantec Shared

[08/06/2008|09:40] C:\Program Files\Common Files\System

[27/05/2008|20:07] C:\Program Files\Common Files\Ulead

[21/11/2008|22:50] C:\Program Files\Common Files\Wise Installation Wizard

[27/05/2008|20:09] C:\Program Files\Common Files\xing shared

 

--------------------\\ Process

 

... OK !

 

--------------------\\

 

Commande ECHO désactivée.

 

--------------------\\

 

Commande ECHO désactivée.

 

--------------------\\

 

..... OK !

 

--------------------\\

 

Commande ECHO désactivée.

 

 

--------------------\\

 

 

--------------------\\

 

Commande ECHO désactivée.

 

[F:9][D:6]-> C:\Users\philippe\AppData\Local\Temp

[F:3][D:4]-> C:\$Recycle.Bin

 

1 - "C:\Users\philippe\LopR_1.txt" - 27/04/2009|20:45 - Option : [1]

2 - "C:\Users\philippe\LopR_2.txt" - 27/04/2009|21:41 - Option : [2]

Edited by filipic
Posted

Good evening,

Download OTMoveIt3 by OldTimer to the desktop.

Double-click OTMoveIt3.exe to launch it.

On Vista, right-click the file -> choose Run as administrator

Check that Unregister Dll's and Ocx's is ticked.

* Copy/paste the lines below:

:Processes
explorer.exe
:Files
c:\programdata\is-BDUT7
c:\programdata\is-3NBFB
c:\programdata\is-RBL5H

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Go back to OTMoveIt3,

Right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.

* Click the red Moveit! button

* Close OTMoveIt3

Your PC will restart.

Go to the folder C:\_OTMoveIt\MovedFiles,

open the most recent .log file

Copy/paste its contents into your next reply

Posted

Thanks again; the report follows

======== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder c:\programdata\is-BDUT7 not found.

File/Folder c:\programdata\is-3NBFB not found.

File/Folder c:\programdata\is-RBL5H not found.

========== COMMANDS ==========

File delete failed. C:\Users\philippe\AppData\Local\Temp\etilqs_5T4pAeKfpn75JcU98Abq scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Windows\temp\cch~ac281ea733.htp scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\cch~ac281ebb76.htp scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\hlktmp scheduled to be deleted on reboot.

Windows Temp folder emptied.

File delete failed. C:\Users\philippe\AppData\Local\Mozilla\Firefox\Profiles\vjys05xg.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Users\philippe\AppData\Local\Mozilla\Firefox\Profiles\vjys05xg.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Users\philippe\AppData\Local\Mozilla\Firefox\Profiles\vjys05xg.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Users\philippe\AppData\Local\Mozilla\Firefox\Profiles\vjys05xg.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Users\philippe\AppData\Local\Mozilla\Firefox\Profiles\vjys05xg.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04282009_175705

 

Files moved on Reboot...

File C:\Users\philippe\AppData\Local\Temp\etilqs_5T4pAeKfpn75JcU98Abq not found!

File C:\Windows\temp\cch~ac281ea733.htp not found!

File C:\Windows\temp\cch~ac281ebb76.htp not found!

File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

C:\Users\philippe\AppData\Local\Mozilla\Firefox\Profiles\vjys05xg.default\Cache\_CACHE_001_ moved successfully.

C:\Users\philippe\AppData\Local\Mozilla\Firefox\Profiles\vjys05xg.default\Cache\_CACHE_002_ moved successfully.

C:\Users\philippe\AppData\Local\Mozilla\Firefox\Profiles\vjys05xg.default\Cache\_CACHE_003_ moved successfully.

C:\Users\philippe\AppData\Local\Mozilla\Firefox\Profiles\vjys05xg.default\Cache\_CACHE_MAP_ moved successfully.

C:\Users\philippe\AppData\Local\Mozilla\Firefox\Profiles\vjys05xg.default\urlclassifier3.sqlite moved successfully.

Posted

Many thanks

I have access to the Security Center (before, I could not start it). I installed Kaspersky Anti-Virus. However, in the services I do not have access to the Remote Procedure Call service;

it appears greyed out (in the Log On tab, under "log on as this account", the radio button is checked: Network Service with a password?)

However, the Windows Firewall service cannot start

Posted

Good evening,

Try this:

Copy/paste into Notepad.

Save as Serv.bat, on the desktop.

Double-click to run it.

@echo off
rem Set both services to start automatically
sc config RpcSs start= auto
sc config SharedAccess start= auto
rem Start both services now
net start RpcSs
net start SharedAccess
