Problems on Google
Closed
theodiablo (Member) - 19 April 2009 at 14:18
theodiablo - 26 April 2009 at 20:24
13 replies
anthony5151 (Security contributor) - 19 April 2009 at 21:31
Hello,
/!\ Attention anyone passing through this thread /!\
The following software is not to be used lightly and can cause damage if it is misused! Only do this if a forum helper who knows this tool well has recommended it to you.
/!\ Disable all your protection software /!\
• Download ComboFix (by sUBs) to your Desktop.
• Double-click ComboFix.exe to launch it.
• It will ask you to install the Recovery Console: accept.
• Do not touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
Official ComboFix tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
theodiablo (Member) - 20 April 2009 at 20:44
Excuse me, I created another thread because I thought this one had been deleted... I hadn't seen that you had replied to me.
I have someone else taking care of me. Sorry to have bothered you.
Trying2 (Security contributor) - 20 April 2009 at 21:57
Hello you two,
You would be better off staying with Anthony5151, if he still agrees to take you on.
He will be more qualified for your problems...
See you
In any case, thank you théodiablo for stopping by.
theodiablo (Member) - 20 April 2009 at 23:49
Following the wise advice of darkpoet and Trying2, I would like to know whether you could take over my thread;
I posted another one where I was told that you would be more qualified to help me: /forum/affich-12081709-google-pirate?#17/
Thank you
PS: I won't be able to reply before tomorrow afternoon
anthony5151 (Security contributor) - 21 April 2009 at 05:13
Hello to you both,
Theodiablo, I agree to help you as long as Darkpoet and Trying2 agree, and you don't continue elsewhere.
Google search redirections generally correspond to a rootkit (which explains why nothing harmful shows up in the HijackThis report), so ComboFix must be used --> see message 1.
theodiablo (Member) - 21 April 2009 at 12:50
Hello, thank you for agreeing to help me,
I have just run the ComboFix scan; here is the log obtained:
ComboFix 09-04-19.05 - Theodiablo 21/04/2009 6:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.3070.2116 [GMT 2:00]
Lancé depuis: c:\documents and settings\Theodiablo\Desktop\theodiablo.exe
AV: Antivirus BitDefender *On-access scanning enabled* (Updated)
FW: Pare-feu BitDefender *enabled*
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-21 au 2009-04-21 ))))))))))))))))))))))))))))))))))))
.
2009-04-19 22:00 . 2009-04-19 22:00 61440 ----a-w c:\windows\system32\drivers\jpmrf.sys
2009-04-19 08:53 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-19 08:53 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 08:53 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-19 08:53 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-19 08:53 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 08:53 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 08:53 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 08:53 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 08:53 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 08:53 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-19 08:50 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-19 08:50 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 08:50 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 22:27 . 2009-04-17 22:28 -------- d-----w c:\program files\Photoshop 7.0
2009-04-17 22:26 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-17 21:34 . 2006-11-02 15:59 49152 ----a-w c:\windows\system32\Minesweeper.exe.mui
2009-04-17 21:34 . 2006-11-02 12:33 4305408 ----a-w c:\windows\system32\MineSweeper.dll
2009-04-05 11:30 . 2009-04-05 11:30 -------- d-----w c:\documents and settings\Theodiablo\Local Settings\Application Data\Rockstar Games
2009-04-05 01:25 . 2009-04-05 12:13 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Hamachi
2009-04-05 01:24 . 2009-04-05 01:24 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-05 01:24 . 2009-04-05 01:25 -------- d-----w c:\program files\Hamachi
2009-04-05 01:17 . 2009-04-05 01:17 -------- d-sh--w c:\windows\ftpcache
2009-04-05 01:16 . 2009-04-05 11:32 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-05 01:16 . 2009-04-05 01:16 22328 ----a-w c:\documents and settings\Theodiablo\Application Data\PnkBstrK.sys
2009-04-05 01:15 . 2009-04-05 11:32 103736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-05 01:15 . 2009-04-05 11:32 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-05 01:15 . 2009-04-05 01:15 319 ----a-w c:\windows\game.ini
2009-04-05 01:10 . 2009-04-05 01:10 -------- d-----w c:\program files\Activision
2009-04-04 14:12 . 2009-04-04 14:17 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Mumble
2009-04-04 13:45 . 2009-04-04 14:12 -------- d-----w c:\program files\Mumble
2009-04-03 11:58 . 2008-04-14 03:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-03 11:58 . 2008-04-14 03:17 25856 ----a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-02 17:14 . 2009-04-02 17:14 -------- d-----w c:\program files\Lame for Audacity
2009-03-30 17:57 . 2009-03-30 17:57 -------- d--h--r c:\documents and settings\Theodiablo\Application Data\SecuROM
2009-03-30 13:22 . 2009-03-30 13:22 133120 ----a-w c:\windows\system32\sndrec32.exe
2009-03-30 13:05 . 2009-03-30 13:05 -------- d-----w c:\windows\system32\xlive
2009-03-30 13:05 . 2009-03-30 13:05 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-30 12:53 . 2009-04-02 17:15 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Audacity
2009-03-30 12:53 . 2009-03-30 12:53 -------- d-----w c:\program files\Audacity
2009-03-30 12:29 . 2009-03-30 12:30 -------- d-----w c:\program files\Gta 4
2009-03-29 18:43 . 2009-03-29 18:43 319488 ----a-w c:\windows\HideWin.exe
2009-03-27 14:22 . 2009-03-27 14:48 -------- d-----w c:\program files\Teamspeak 3
2009-03-25 10:03 . 2009-03-25 10:03 -------- d-----w c:\documents and settings\Theodiablo\Application Data\teamspeak2
2009-03-25 10:03 . 2009-03-25 10:03 34064 ----a-w c:\windows\system32\lhacm.acm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 21:56 . 2009-02-11 16:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 17:00 . 2009-02-21 17:09 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-17 22:27 . 2009-02-11 21:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-07 01:59 . 2009-02-07 15:59 227976 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-06 20:16 . 2009-02-14 19:45 -------- d-----w c:\documents and settings\Theodiablo\Application Data\dvdcss
2009-04-06 18:29 . 2008-10-17 13:01 104328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-04-06 13:32 . 2009-02-11 16:34 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-02-11 16:34 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 01:15 . 2009-02-07 17:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-03 16:13 . 2009-02-22 00:55 -------- d-----w c:\program files\World of Warcraft
2009-04-02 06:53 . 2009-02-08 11:31 -------- d-----w c:\program files\Mozilla Sunbird
2009-03-27 14:38 . 2009-02-07 17:40 -------- d-----w c:\program files\ma-config.com
2009-03-27 14:38 . 2009-02-07 17:40 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 12:03 . 2009-03-06 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-16 21:59 . 2009-03-16 21:57 -------- d-----w c:\program files\Valve
2009-03-16 21:56 . 2009-02-08 11:45 -------- d-----w c:\program files\warcraft III
2009-03-14 00:02 . 2009-03-14 00:02 -------- d-----w c:\program files\MSXML 4.0
2009-03-13 21:05 . 2009-03-13 15:38 -------- d-----w c:\program files\WowCartographe
2009-03-13 02:17 . 2009-03-13 02:09 -------- d-----w c:\program files\Black & White 2
2009-03-12 15:25 . 2009-02-07 20:06 5051904 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-12 15:21 . 2009-02-07 20:06 17531392 ----a-w c:\windows\RTHDCPL.EXE
2009-03-10 12:32 . 2009-02-07 20:06 2168320 ----a-w c:\windows\MicCal.exe
2009-03-08 02:22 . 2009-02-22 16:16 -------- d-----w c:\documents and settings\Theodiablo\Application Data\DNA
2009-03-08 01:31 . 2009-02-11 15:24 -------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-03-08 01:21 . 2009-02-07 16:01 -------- d-----w c:\program files\CCleaner
2009-03-08 01:14 . 2009-02-22 16:16 -------- d-----w c:\program files\DNA
2009-03-07 14:56 . 2009-02-21 17:12 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-07 09:11 . 2009-02-07 16:23 70144 ----a-w c:\documents and settings\Theodiablo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 21:16 . 2009-03-06 21:16 -------- d-----w c:\program files\Microsoft Works
2009-03-06 21:16 . 2009-02-07 15:59 -------- d-----w c:\program files\MSBuild
2009-03-06 21:15 . 2009-03-06 21:15 -------- d-----w c:\program files\Microsoft.NET
2009-03-06 21:14 . 2009-03-06 21:14 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-06 14:30 . 2009-02-25 15:32 -------- d-----w c:\documents and settings\Theodiablo\Application Data\BitTorrent
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 16:18 . 2009-02-23 11:21 -------- d-----w c:\program files\Peer2Me
2009-03-03 00:17 . 2009-03-13 12:57 828416 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:17 . 2008-06-19 20:42 828416 ----a-w c:\windows\system32\wininet.dll
2009-03-02 17:16 . 2009-02-19 19:41 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-02 17:16 . 2009-03-02 17:16 -------- d-----w c:\program files\DVDVideoSoft
2009-03-02 17:10 . 2009-02-19 19:41 -------- d-----w c:\program files\YouTube to Mp3 Converter
2009-02-28 23:04 . 2009-02-08 11:50 -------- d-----w c:\program files\psp
2009-02-28 13:06 . 2009-02-28 13:07 512 ----a-w C:\grub.bs
2009-02-28 04:54 . 2009-03-13 12:57 636088 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-27 12:31 . 2009-02-25 19:20 -------- d-----w c:\program files\Hospital Tycoon
2009-02-27 12:28 . 2009-02-27 12:28 -------- d-----w c:\program files\OO Software
2009-02-27 11:34 . 2009-02-07 17:37 -------- d-----w c:\program files\Hp
2009-02-27 11:05 . 2009-02-27 11:05 -------- d-----w c:\program files\Sun
2009-02-25 23:33 . 2009-02-25 23:32 -------- d-----w c:\program files\Video Convert
2009-02-25 19:26 . 2009-02-25 19:26 -------- d-----w c:\program files\Common Files\DirectX
2009-02-23 14:05 . 2009-02-11 15:30 -------- d-----w c:\program files\Rome Total War
2009-02-22 16:16 . 2009-02-22 16:16 -------- d-----w c:\program files\BitTorrent
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Microsoft
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Windows Live
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 01:07 . 2009-02-22 01:07 -------- d-----w c:\program files\Common Files\Windows Live
2009-02-21 17:26 . 2009-02-21 17:26 -------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2009-02-21 17:03 . 2009-02-21 17:01 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-02-21 17:02 . 2009-02-21 17:02 -------- d-----w c:\documents and settings\Theodiablo\Application Data\BitDefender
2009-02-21 17:01 . 2009-02-21 16:56 -------- d-----w c:\program files\Common Files\BitDefender
2009-02-21 17:01 . 2009-02-21 17:01 -------- d-----w c:\program files\BitDefender
2009-02-21 07:39 . 2009-03-13 12:57 3596800 ------w c:\windows\system32\dllcache\mshtml.dll
2009-02-20 10:24 . 2009-03-13 12:57 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:24 . 2009-03-13 12:57 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2009-03-13 12:57 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-16 16:47 . 2009-02-27 11:05 129552 ----a-w c:\windows\system32\VBoxNetFltNotify.dll
2009-02-11 21:04 . 2009-02-11 21:04 193220 ----a-w c:\windows\Web\Wallpaper\uninstall_Vista_Wallpapers.exe
2009-02-11 15:52 . 2009-02-11 15:52 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-09 12:10 . 2008-04-14 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-04-14 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2009-03-11 23:09 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2008-04-14 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 17:25 . 2009-02-07 17:25 86 ----a-w C:\bcmwl5.log
2009-02-07 17:02 . 2009-03-13 13:04 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 16:55 . 2009-02-07 15:55 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-07 16:02 . 2009-02-11 16:26 71680 ----a-w c:\documents and settings\Administrator\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:18 71680 ----a-w c:\documents and settings\Theodiablo\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:04 71680 ----a-w c:\windows\system32\config\systemprofile\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:02 71680 ----a-w c:\documents and settings\Default User\GLB2015.tmp
2009-02-07 15:53 . 2009-02-07 15:53 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2008-04-14 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2009-03-13 13:04 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2009-03-13 13:04 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2008-04-23 05:58 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-04-14 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2009-03-13 13:04 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2008-04-14 05:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2008-04-14 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-21 13:54 . 2009-02-07 20:06 1206816 ----a-w c:\windows\RtlUpd.exe
2009-04-06 18:2008-10-30 16:34 29:47 . c:\program files\mozilla firefox\components\FFComm.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-22 1271808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-06 778240]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-06 69632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-18 113664]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Theodiablo^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Theodiablo\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\warcraft III\\garena\\Garena.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gta 4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Gta 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R3 GarenaPEngine;GarenaPEngine; [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S0 iastor78;iastor78; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-02-16 100560]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-02-16 41744]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-06 104328]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-02-16 87568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17dc28e4-1c8a-11de-bbc1-001e689a17a3}]
\Shell\AutoRun\command - D:\WDSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://stats.garena.com/clientinstall.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.fluo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 06:54
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\THEODI~1\LOCALS~1\Temp\MGU116.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Clsid]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d5,9a,e3,f7,bb,5e,5a,a2,56,35,ff,7d,a7,ac,4f,21,9e,e4,ed,a5,e4,
7d,f9,16,c4,f2,8f,82,fe,d1,45,9a,ed,53,45,ed,e6,45,9e,d2,bf,93,dc,46,a3,b9,\
"rkeysecu"=hex:ca,f1,08,4a,62,2f,7a,b4,25,23,2a,40,ed,cc,6b,07
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1612)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-04-21 6:57
ComboFix-quarantined-files.txt 2009-04-21 04:57
Avant-CF: 156 582 064 128 bytes free
Après-CF: 157 025 411 072 bytes free
339 --- E O F --- 2009-04-19 11:45
theodiablo
21 April 2009 at 23:36
I've just realized I'm a complete idiot: I forgot to disable my antivirus during the scan as you asked me to...
I'll redo it right away.
theodiablo
21 April 2009 at 23:45
Here is the new log:
AV: Antivirus BitDefender *On-access scanning disabled* (Updated)
FW: Pare-feu BitDefender *disabled*
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-21 au 2009-04-21 ))))))))))))))))))))))))))))))))))))
.
2009-04-19 22:00 . 2009-04-19 22:00 61440 ----a-w c:\windows\system32\drivers\jpmrf.sys
2009-04-19 08:53 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-19 08:53 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 08:53 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-19 08:53 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-19 08:53 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 08:53 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 08:53 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 08:53 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 08:53 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 08:53 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-19 08:50 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-19 08:50 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 08:50 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 22:27 . 2009-04-17 22:28 -------- d-----w c:\program files\Photoshop 7.0
2009-04-17 22:26 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-17 21:34 . 2006-11-02 15:59 49152 ----a-w c:\windows\system32\Minesweeper.exe.mui
2009-04-17 21:34 . 2006-11-02 12:33 4305408 ----a-w c:\windows\system32\MineSweeper.dll
2009-04-05 11:30 . 2009-04-05 11:30 -------- d-----w c:\documents and settings\Theodiablo\Local Settings\Application Data\Rockstar Games
2009-04-05 01:25 . 2009-04-05 12:13 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Hamachi
2009-04-05 01:24 . 2009-04-05 01:24 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-05 01:24 . 2009-04-05 01:25 -------- d-----w c:\program files\Hamachi
2009-04-05 01:17 . 2009-04-05 01:17 -------- d-sh--w c:\windows\ftpcache
2009-04-05 01:16 . 2009-04-05 11:32 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-05 01:16 . 2009-04-05 01:16 22328 ----a-w c:\documents and settings\Theodiablo\Application Data\PnkBstrK.sys
2009-04-05 01:15 . 2009-04-05 11:32 103736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-05 01:15 . 2009-04-05 11:32 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-05 01:15 . 2009-04-05 01:15 319 ----a-w c:\windows\game.ini
2009-04-05 01:10 . 2009-04-05 01:10 -------- d-----w c:\program files\Activision
2009-04-04 14:12 . 2009-04-04 14:17 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Mumble
2009-04-04 13:45 . 2009-04-04 14:12 -------- d-----w c:\program files\Mumble
2009-04-03 11:58 . 2008-04-14 03:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-03 11:58 . 2008-04-14 03:17 25856 ----a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-02 17:14 . 2009-04-02 17:14 -------- d-----w c:\program files\Lame for Audacity
2009-03-30 17:57 . 2009-03-30 17:57 -------- d--h--r c:\documents and settings\Theodiablo\Application Data\SecuROM
2009-03-30 13:22 . 2009-03-30 13:22 133120 ----a-w c:\windows\system32\sndrec32.exe
2009-03-30 13:05 . 2009-03-30 13:05 -------- d-----w c:\windows\system32\xlive
2009-03-30 13:05 . 2009-03-30 13:05 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-30 12:53 . 2009-04-02 17:15 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Audacity
2009-03-30 12:53 . 2009-03-30 12:53 -------- d-----w c:\program files\Audacity
2009-03-30 12:29 . 2009-03-30 12:30 -------- d-----w c:\program files\Gta 4
2009-03-29 18:43 . 2009-03-29 18:43 319488 ----a-w c:\windows\HideWin.exe
2009-03-27 14:22 . 2009-03-27 14:48 -------- d-----w c:\program files\Teamspeak 3
2009-03-25 10:03 . 2009-03-25 10:03 -------- d-----w c:\documents and settings\Theodiablo\Application Data\teamspeak2
2009-03-25 10:03 . 2009-03-25 10:03 34064 ----a-w c:\windows\system32\lhacm.acm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 21:56 . 2009-02-11 16:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 17:00 . 2009-02-21 17:09 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-17 22:27 . 2009-02-11 21:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-07 01:59 . 2009-02-07 15:59 227976 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-06 20:16 . 2009-02-14 19:45 -------- d-----w c:\documents and settings\Theodiablo\Application Data\dvdcss
2009-04-06 18:29 . 2008-10-17 13:01 104328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-04-06 13:32 . 2009-02-11 16:34 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-02-11 16:34 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 01:15 . 2009-02-07 17:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-03 16:13 . 2009-02-22 00:55 -------- d-----w c:\program files\World of Warcraft
2009-04-02 06:53 . 2009-02-08 11:31 -------- d-----w c:\program files\Mozilla Sunbird
2009-03-27 14:38 . 2009-02-07 17:40 -------- d-----w c:\program files\ma-config.com
2009-03-27 14:38 . 2009-02-07 17:40 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 12:03 . 2009-03-06 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-16 21:59 . 2009-03-16 21:57 -------- d-----w c:\program files\Valve
2009-03-16 21:56 . 2009-02-08 11:45 -------- d-----w c:\program files\warcraft III
2009-03-14 00:02 . 2009-03-14 00:02 -------- d-----w c:\program files\MSXML 4.0
2009-03-13 21:05 . 2009-03-13 15:38 -------- d-----w c:\program files\WowCartographe
2009-03-13 02:17 . 2009-03-13 02:09 -------- d-----w c:\program files\Black & White 2
2009-03-12 15:25 . 2009-02-07 20:06 5051904 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-12 15:21 . 2009-02-07 20:06 17531392 ----a-w c:\windows\RTHDCPL.EXE
2009-03-10 12:32 . 2009-02-07 20:06 2168320 ----a-w c:\windows\MicCal.exe
2009-03-08 02:22 . 2009-02-22 16:16 -------- d-----w c:\documents and settings\Theodiablo\Application Data\DNA
2009-03-08 01:31 . 2009-02-11 15:24 -------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-03-08 01:21 . 2009-02-07 16:01 -------- d-----w c:\program files\CCleaner
2009-03-08 01:14 . 2009-02-22 16:16 -------- d-----w c:\program files\DNA
2009-03-07 14:56 . 2009-02-21 17:12 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-07 09:11 . 2009-02-07 16:23 70144 ----a-w c:\documents and settings\Theodiablo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 21:16 . 2009-03-06 21:16 -------- d-----w c:\program files\Microsoft Works
2009-03-06 21:16 . 2009-02-07 15:59 -------- d-----w c:\program files\MSBuild
2009-03-06 21:15 . 2009-03-06 21:15 -------- d-----w c:\program files\Microsoft.NET
2009-03-06 21:14 . 2009-03-06 21:14 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-06 14:30 . 2009-02-25 15:32 -------- d-----w c:\documents and settings\Theodiablo\Application Data\BitTorrent
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 16:18 . 2009-02-23 11:21 -------- d-----w c:\program files\Peer2Me
2009-03-03 00:17 . 2009-03-13 12:57 828416 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:17 . 2008-06-19 20:42 828416 ----a-w c:\windows\system32\wininet.dll
2009-03-02 17:16 . 2009-02-19 19:41 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-02 17:16 . 2009-03-02 17:16 -------- d-----w c:\program files\DVDVideoSoft
2009-03-02 17:10 . 2009-02-19 19:41 -------- d-----w c:\program files\YouTube to Mp3 Converter
2009-02-28 23:04 . 2009-02-08 11:50 -------- d-----w c:\program files\psp
2009-02-28 13:06 . 2009-02-28 13:07 512 ----a-w C:\grub.bs
2009-02-28 04:54 . 2009-03-13 12:57 636088 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-27 12:31 . 2009-02-25 19:20 -------- d-----w c:\program files\Hospital Tycoon
2009-02-27 12:28 . 2009-02-27 12:28 -------- d-----w c:\program files\OO Software
2009-02-27 11:34 . 2009-02-07 17:37 -------- d-----w c:\program files\Hp
2009-02-27 11:05 . 2009-02-27 11:05 -------- d-----w c:\program files\Sun
2009-02-25 23:33 . 2009-02-25 23:32 -------- d-----w c:\program files\Video Convert
2009-02-25 19:26 . 2009-02-25 19:26 -------- d-----w c:\program files\Common Files\DirectX
2009-02-23 14:05 . 2009-02-11 15:30 -------- d-----w c:\program files\Rome Total War
2009-02-22 16:16 . 2009-02-22 16:16 -------- d-----w c:\program files\BitTorrent
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Microsoft
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Windows Live
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 01:07 . 2009-02-22 01:07 -------- d-----w c:\program files\Common Files\Windows Live
2009-02-21 17:26 . 2009-02-21 17:26 -------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2009-02-21 17:03 . 2009-02-21 17:01 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-02-21 17:02 . 2009-02-21 17:02 -------- d-----w c:\documents and settings\Theodiablo\Application Data\BitDefender
2009-02-21 17:01 . 2009-02-21 16:56 -------- d-----w c:\program files\Common Files\BitDefender
2009-02-21 17:01 . 2009-02-21 17:01 -------- d-----w c:\program files\BitDefender
2009-02-21 07:39 . 2009-03-13 12:57 3596800 ------w c:\windows\system32\dllcache\mshtml.dll
2009-02-20 10:24 . 2009-03-13 12:57 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:24 . 2009-03-13 12:57 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2009-03-13 12:57 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-16 16:47 . 2009-02-27 11:05 129552 ----a-w c:\windows\system32\VBoxNetFltNotify.dll
2009-02-11 21:04 . 2009-02-11 21:04 193220 ----a-w c:\windows\Web\Wallpaper\uninstall_Vista_Wallpapers.exe
2009-02-11 15:52 . 2009-02-11 15:52 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-09 12:10 . 2008-04-14 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-04-14 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2009-03-11 23:09 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2008-04-14 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 17:25 . 2009-02-07 17:25 86 ----a-w C:\bcmwl5.log
2009-02-07 17:02 . 2009-03-13 13:04 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 16:55 . 2009-02-07 15:55 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-07 16:02 . 2009-02-11 16:26 71680 ----a-w c:\documents and settings\Administrator\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:18 71680 ----a-w c:\documents and settings\Theodiablo\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:04 71680 ----a-w c:\windows\system32\config\systemprofile\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:02 71680 ----a-w c:\documents and settings\Default User\GLB2015.tmp
2009-02-07 15:53 . 2009-02-07 15:53 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2008-04-14 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2009-03-13 13:04 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2009-03-13 13:04 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2008-04-23 05:58 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-04-14 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2009-03-13 13:04 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2008-04-14 05:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2008-04-14 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-04-06 18:2008-10-30 16:34 29:47 . c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-22 1271808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-06 778240]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-06 69632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-18 113664]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Theodiablo^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Theodiablo\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\warcraft III\\garena\\Garena.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gta 4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Gta 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R3 GarenaPEngine;GarenaPEngine; [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S0 iastor78;iastor78; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-02-16 100560]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-02-16 41744]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-06 104328]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-02-16 87568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\NCR.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17dc28e4-1c8a-11de-bbc1-001e689a17a3}]
\Shell\AutoRun\command - D:\WDSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://stats.garena.com/clientinstall.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.fluo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 23:40
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\THEODI~1\LOCALS~1\Temp\MGU116.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Clsid]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d5,9a,e3,f7,bb,5e,5a,a2,56,35,ff,7d,a7,ac,4f,21,9e,e4,ed,a5,e4,
7d,f9,16,c4,f2,8f,82,fe,d1,45,9a,ed,53,45,ed,e6,45,9e,d2,bf,93,dc,46,a3,b9,\
"rkeysecu"=hex:ca,f1,08,4a,62,2f,7a,b4,25,23,2a,40,ed,cc,6b,07
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(4164)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\xpsp3res.dll
.
Heure de fin: 2009-04-21 23:41
ComboFix-quarantined-files.txt 2009-04-21 21:41
ComboFix2.txt 2009-04-21 04:57
Avant-CF: 156 981 891 072 bytes free
Après-CF: 157 028 085 760 bytes free
278 --- E O F --- 2009-04-19 11:45
I hope my carelessness hasn't made things more difficult.
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-22 1271808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-06 778240]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-06 69632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-18 113664]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Theodiablo^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Theodiablo\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\warcraft III\\garena\\Garena.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gta 4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Gta 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R3 GarenaPEngine;GarenaPEngine; [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S0 iastor78;iastor78; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-02-16 100560]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-02-16 41744]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-06 104328]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-02-16 87568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\NCR.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17dc28e4-1c8a-11de-bbc1-001e689a17a3}]
\Shell\AutoRun\command - D:\WDSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://stats.garena.com/clientinstall.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.fluo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 23:40
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\THEODI~1\LOCALS~1\Temp\MGU116.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Clsid]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d5,9a,e3,f7,bb,5e,5a,a2,56,35,ff,7d,a7,ac,4f,21,9e,e4,ed,a5,e4,
7d,f9,16,c4,f2,8f,82,fe,d1,45,9a,ed,53,45,ed,e6,45,9e,d2,bf,93,dc,46,a3,b9,\
"rkeysecu"=hex:ca,f1,08,4a,62,2f,7a,b4,25,23,2a,40,ed,cc,6b,07
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(4164)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\xpsp3res.dll
.
Heure de fin: 2009-04-21 23:41
ComboFix-quarantined-files.txt 2009-04-21 21:41
ComboFix2.txt 2009-04-21 04:57
Avant-CF: 156 981 891 072 bytes free
Après-CF: 157 028 085 760 bytes free
278 --- E O F --- 2009-04-19 11:45
I hope my carelessness hasn't made things more difficult.
anthony5151 (Security contributor) - 22 April 2009 at 04:41
How long have you had this Google redirection problem?
Before trying to disinfect, an important remark:
You seem to have an unofficial version of Windows... Be aware that some of these versions are themselves infected, and that even if that is not the case, you cannot receive the security updates provided by Microsoft, which leaves your computer very vulnerable...
Combofix did not delete anything, but it gives some useful information. There seem to be remnants of the Ask toolbar on your computer, which does precisely perform redirections: FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
This kind of toolbar is often offered during the installation of free programs: you have to read carefully and untick all the additional programs offered in those cases, especially toolbars!
Download Toolbar-S&D (Team IDN) to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
• Start the installation of the program by running the downloaded file.
• Now double-click the Toolbar-S&D shortcut.
• Select the desired language by typing the letter of your choice and confirming with the Enter key.
• Now choose option 1 (Recherche). Wait until the search has finished.
• Post the generated report (C:\TB.txt).
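The check made by eye on the ComboFix report in the post above, as an added example that is not part of the thread or of ComboFix: it pulls the Firefox search and start-page preferences out of a ComboFix report or a raw prefs.js file and lists the hosts that are not expected. The expected-host set, the function names and the second sample are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Preferences that decide where address-bar searches and the start page go.
WATCHED_PREFS = ("keyword.URL", "browser.startup.homepage")

# "FF - prefs.js: <name> - <value>" as printed in the ComboFix report.
COMBOFIX_RE = re.compile(r"^FF - prefs\.js:\s*(?P<name>\S+)\s+-\s+(?P<value>\S.*)$")
# user_pref("<name>", "<value>"); as stored in the profile's prefs.js.
PREFSJS_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*"(?P<value>[^"]*)"\);')


def host_of(url):
    """Return the lower-case host of a URL, undoing ComboFix's hxxp defanging."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)
    return (urlsplit(url).hostname or "").lower()


def is_expected(host, expected_hosts):
    """True when host is an expected domain or one of its subdomains."""
    return any(host == e or host.endswith("." + e) for e in expected_hosts)


def extract_prefs(text):
    """Yield (name, value) pairs from ComboFix report lines or prefs.js lines."""
    for line in text.splitlines():
        line = line.strip()
        match = COMBOFIX_RE.match(line) or PREFSJS_RE.match(line)
        if match:
            yield match.group("name"), match.group("value")


def find_redirects(text, expected_hosts):
    """List (preference, host) for watched preferences pointing at unexpected hosts."""
    findings = []
    for name, value in extract_prefs(text):
        if name not in WATCHED_PREFS:
            continue
        # browser.startup.homepage may hold several pages separated by "|".
        for part in value.split("|"):
            host = host_of(part)
            if host and not is_expected(host, expected_hosts):
                findings.append((name, host))
    return findings


# Lines copied from the ComboFix report posted in this thread.
COMBOFIX_SAMPLE = r"""
FF - prefs.js: browser.startup.homepage - hxxp://www.fluo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
"""

# Constructed prefs.js excerpt (not from the thread); search.example.test is a placeholder.
PREFSJS_SAMPLE = r"""
user_pref("browser.startup.homepage", "http://www.google.com/|http://search.example.test/start");
user_pref("keyword.URL", "http://www.google.com/search?q=");
user_pref("network.proxy.type", 0);
"""

if __name__ == "__main__":
    # Assumption: the user expects Google searches and chose the fluo.com start page.
    expected = {"google.com", "fluo.com"}
    for sample in (COMBOFIX_SAMPLE, PREFSJS_SAMPLE):
        for pref, host in find_redirects(sample, expected):
            print(f"{pref} -> {host}")
```

A host that is reported is only a candidate for review: whether a start page was chosen by the user or set by a bundled toolbar still has to be confirmed with the user.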
theodiablo (Member) - 22 April 2009 at 07:49
This redirection problem has been appearing for a little while now.
So my version of Windows is not official? How can you tell? How can I bring it back up to date?
As for the toolbar, I usually untick the boxes, but once I forgot. I tried to remove it in Add/Remove Programs and thought that was done... apparently not.
Here is the log obtained with Toolbar-S&D:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : Theodiablo ( Administrator )
BOOT : Normal boot
Antivirus : Antivirus BitDefender 12.0 (Activated)
Firewall : Pare-feu BitDefender 12.0 (Activated)
C:\ (Local Disk) - NTFS - Total:269 Go (Free:144 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 22/04/2009| 7:41 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
1 - "C:\ToolBar SD\TB_1.txt" - 22/04/2009| 7:42 - Option : [1]
-----------\\ Fin du rapport a 7:42:33,78
theodiablo (Member) - 22 April 2009 at 11:23
Hi,
I have had this redirection problem for a little while now.
So my version of Windows is not official? How can one see that? How can I bring it up to date?
As for the toolbar, it's true that I once accepted one without paying attention. I tried to uninstall it with Add/Remove Programs, but apparently that didn't work...
Here is the log obtained:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : Theodiablo ( Administrator )
BOOT : Normal boot
Antivirus : Antivirus BitDefender 12.0 (Activated)
Firewall : Pare-feu BitDefender 12.0 (Activated)
C:\ (Local Disk) - NTFS - Total:269 Go (Free:144 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 22/04/2009| 10:41 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
1 - "C:\ToolBar SD\TB_1.txt" - 22/04/2009| 7:42 - Option : [1]
-----------\\ Fin du rapport a 10:42:33,78
anthony5151 (Security contributor) - 22 April 2009 at 16:44
.
theodiablo (Member) - 22 April 2009 at 17:52
Sorry for the double post...
The messages I wrote did not show up...
Hello,
I had a lot of problems with my computer following these operations (I don't know whether it is because of the scans I ran).
Anyway, I ended up with a very awkward problem: when I started my computer, I had to enter my password as usual, except that after entering it, my wallpaper appeared and then I was sent back to the screen where I had to enter my password, all without any error message. I even tried in safe mode, with the administrator account, and it was the same problem.
So I am going to reinstall XP on it. In the meantime I am on Ubuntu because I had set up a dual boot; I find it very nice too, and I wonder whether I won't just stay on it!
Thanks for your replies,
See you soon!