System security
Selektor
Hello,
Like quite a few people, I've just caught this nasty System Security 2009. I obviously tried to remove it, delete it, etc. So I tried to run Ad-Aware, but nothing will execute. I can't do anything except go on the internet (fortunately).
My biggest problem is still that I can't get anything to start; even Messenger no longer responds. So if someone could help me...
Thank you
16 replies
Hello,
/!\ Disable your resident protections (antivirus, etc.) /!\
--> Download ComboFix (by sUBs) to your Desktop.
--> Double-click ComboFix.exe (the .exe may not be visible) to launch it.
--> It will ask you to install the Recovery Console: accept.
--> When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
To help you: a guide and a tutorial on using ComboFix
PS: if ComboFix won't launch, rename it to CCM and then run it.
I can't even open my antivirus to disable it. No program will launch. There must be some trick so that I can get to it?
--> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
--> Double-click RSIT.exe to launch the program.
(On Vista, right-click RSIT.exe and choose Run as administrator)
--> Click Continue on the Disclaimer screen.
--> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall, if asked) and you will have to accept the licence.
--> When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: the reports are saved in the C:\rsit folder.
I can't even open that; no application will launch. Even when I restart the PC, this nasty thing starts up before I have time to do anything at all.
---> To restart in safe mode:
- Restart your PC.
- At startup, tap F8 (F5 on some PCs) just after the BIOS screen and just before Windows loads.
- In the advanced options menu, choose Safe Mode.
- Choose your session.
Well done, I ran ComboFix after restarting in safe mode, and apparently it worked, so thank you very much for your expert advice.
ComboFix 09-06-26.02 - Lherbier 28/06/2009 17:56.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1014.794 [GMT 2:00]
Lancé depuis: c:\documents and settings\Lherbier\Bureau\CCM.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\10623914
c:\documents and settings\All Users\Application Data\10623914\10623914
c:\documents and settings\All Users\Application Data\10623914\10623914.exe
c:\documents and settings\Lherbier\Application Data\digifast
c:\documents and settings\Lherbier\Application Data\digifast\config.cfg
c:\documents and settings\Lherbier\Application Data\digifast\DFUninstall.exe
c:\documents and settings\Lherbier\Application Data\wiaserva.log
c:\documents and settings\Lherbier\Application Data\wiaservg.log
c:\documents and settings\Lherbier\Bureau\System Security 2009.lnk
c:\documents and settings\Lherbier\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Lherbier\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Lherbier\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Jcore
c:\program files\Jcore\Jcore2.dll
c:\program files\Manson\liser.dll
c:\program files\Manson\liser.exe
c:\program files\WWShow
c:\windows\Install.txt
c:\windows\KBPK090628.log
c:\windows\svhost.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\comsa32.sys
c:\windows\system32\drivers\ac242696.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\gsf83iujid.dll
c:\windows\system32\Install.txt
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\msncache.dll
c:\windows\system32\pwdmon.dll
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wiawow32.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6to4
-------\Legacy_dhcpsrv
-------\Legacy_msncache
-------\Legacy_PERFORMANCE_MONITOR
-------\Legacy_sopidkc
-------\Service_6to4
-------\Service_dhcpsrv
-------\Service_msncache
-------\Service_Performance Monitor
-------\Service_sopidkc
-------\Service_ac242696
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-06-28 ))))))))))))))))))))))))))))))))))))
.
2009-06-28 12:51 . 2009-06-28 15:03 -------- d-----w- c:\windows\DLL
2009-06-28 12:50 . 2009-06-28 12:50 86016 ----a-w- c:\windows\system32\lich.exe
2009-06-28 12:49 . 2009-06-28 12:49 12288 ----a-w- c:\windows\xfjfjdriri64u53qggrhy3axx81.exe
2009-06-28 12:49 . 2009-06-28 16:02 -------- d-sh--r- c:\program files\Manson
2009-06-28 12:48 . 2009-06-28 12:48 28672 ----a-w- C:\xesrtex.exe
2009-06-28 12:48 . 2009-06-28 12:48 211290 ----a-w- C:\nxqc.exe
2009-06-28 12:47 . 2009-06-28 12:47 494592 ----a-w- c:\windows\liel.exe
2009-06-23 11:08 . 2009-06-23 11:08 13824 ----a-w- c:\documents and settings\Lherbier\Application Data\cft\cft.exe
2009-06-23 11:08 . 2009-06-23 11:08 -------- d-----w- c:\documents and settings\Lherbier\Application Data\cft
2009-06-23 10:57 . 2009-06-28 13:29 -------- d-----w- c:\documents and settings\Lherbier\Application Data\pridl
2009-06-23 10:57 . 2009-06-28 10:22 11264 ----a-w- c:\documents and settings\Lherbier\Application Data\pridl\pridl.exe
2009-06-21 16:31 . 2009-06-27 10:37 -------- d-----w- c:\documents and settings\Lherbier\Local Settings\Application Data\AskToolbar
2009-06-21 16:31 . 2009-06-21 16:31 -------- d-----w- c:\program files\Ask.com
2009-06-21 16:31 . 2009-06-28 12:52 -------- d-----w- c:\documents and settings\Lherbier\Local Settings\Application Data\FLVService
2009-06-21 16:31 . 2009-06-21 16:31 -------- d-----w- c:\program files\Ask & Record Toolbar
2009-06-21 16:31 . 2009-06-21 16:31 -------- d-----w- c:\windows\Ask & Record Toolbar
2009-06-01 15:11 . 2009-06-01 15:11 -------- d-----w- c:\program files\DVD Decrypter
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 10:31 . 2009-02-18 13:16 -------- d-----w- c:\documents and settings\Lherbier\Application Data\CamfrogWEB
2009-06-27 10:31 . 2009-02-18 13:16 -------- d-----w- c:\program files\CFWebAdvancedU
2009-06-15 11:24 . 2009-01-05 12:47 -------- d-----w- c:\documents and settings\Lherbier\Application Data\uTorrent
2009-06-02 10:44 . 2005-11-26 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 14:59 . 2005-11-26 12:44 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-06-01 14:58 . 2005-11-26 12:30 65288 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 14:29 . 2006-01-11 17:03 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-06-01 14:00 . 2009-01-31 02:54 -------- d-----w- c:\program files\Dofus
2009-06-01 13:59 . 2006-01-12 20:47 -------- d-----w- c:\program files\YDKJWIN
2009-06-01 13:57 . 2007-07-21 11:40 -------- d-----w- c:\program files\Firefly Studios
2009-06-01 13:55 . 2007-07-21 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2009-06-01 13:31 . 1980-01-01 08:00 76582 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-01 13:31 . 1980-01-01 08:00 471484 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-26 20:11 . 2009-05-14 05:04 3282755 ---h--r- c:\documents and settings\Lherbier\Application Data\WindowsLive.exe
2009-05-26 20:11 . 2009-05-14 05:04 3282755 ---h--r- c:\documents and settings\Lherbier\Application Data\WindowsLive.exe
2009-05-07 15:43 . 1980-01-01 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 1980-01-01 08:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2005-11-26 12:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 20:17 . 2009-04-28 19:22 408 ----a-w- c:\documents and settings\Lherbier\errorlog.tmp
2009-04-19 20:09 . 1980-01-01 08:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:17 . 1980-01-01 08:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-03-16 00:10 . 2009-01-08 11:59 23370 ----a-w- c:\program files\Illustrator CS3 — Lisez-moi.html
2004-04-09 13:13 . 2007-04-29 16:39 114688 ----a-w- c:\program files\NETGEAR DG632 USB Driveruninstalldrv.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Windows Live"="c:\documents and settings\Lherbier\Application Data\WindowsLive.exe" [2009-05-26 3282755]
"cft"="c:\documents and settings\Lherbier\Application Data\cft\cft.exe" [2009-06-23 13824]
"pridl"="c:\documents and settings\Lherbier\Application Data\pridl\pridl.exe" [2009-06-28 11264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-04 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-06-25 36864]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 397824]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-27 180269]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2006-09-05 26248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-18 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2009-04-09 970240]
"Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
"LIEL"="c:\windows\liel.exe" [2009-06-28 494592]
"SVHOST"="c:\windows\svhost.exe" [2009-06-28 494592]
"reader_s"="c:\windows\System32\reader_s.exe" [2009-06-28 47104]
"15031534"="c:\documents and settings\All Users\Application Data\15031534\15031534.exe" [2009-06-28 1461830]
"S3TRAY2"="S3Tray2.exe" - c:\windows\system32\S3Tray2.exe [2001-10-12 69632]
"TrackPointSrv"="tp4serv.exe" - c:\windows\system32\tp4serv.exe [2003-11-13 94208]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2002-09-04 53248]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-20 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-20 15360]
"reader_s"="c:\documents and settings\Lherbier\reader_s.exe" [2009-06-28 20480]
c:\documents and settings\Lherbier\Menu Démarrer\Programmes\Démarrage\
fmnupd32.exe [2004-8-20 50909]
zqosys32.exe [2004-8-20 52052]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-7 131072]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-12-15 1032192]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-26 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-9-11 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 11:07 262144 ----a-w- c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 04:11 24576 ----a-w- c:\windows\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Lherbier\\Mes documents\\Programmes\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [26/11/2005 14:53 16384]
R2 EraserSvc10732;Symantec Eraser Service;c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe [03/09/2006 01:04 108648]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [24/09/2004 03:39 64256]
R2 lich;lich;c:\windows\system32\lich.exe [28/06/2009 14:50 86016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2007 21:50 112688]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [01/01/1980 10:00 13904]
S2 xfjfjdriri64u53qggrhy3axx80;xfjfjdriri64u53qggrhy3axx80;c:\windows\xfjfjdriri64u53qggrhy3axx81.exe [28/06/2009 14:49 12288]
S3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\drivers\HDJCTRL.sys [06/09/2007 18:59 11008]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [06/09/2007 18:59 39424]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [25/02/2003 19:06 802683]
S3 pcidisk;pcidisk;c:\windows\system32\pcidisk.sys [01/01/1980 10:00 2304]
S3 protect;protect;c:\windows\system32\drivers\protect.sys --> c:\windows\system32\drivers\protect.sys [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [26/11/2005 14:50 12288]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [17/04/2009 20:59 16640]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - egathdrv
.
Contenu du dossier 'Tâches planifiées'
2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2009-06-05 c:\windows\Tasks\Norton AntiVirus - Analyse système complète - Lherbier.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-06 21:38]
2009-06-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-04 16:04]
2009-06-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{D76AB2A1-00F3-42BD-F434-00BBC39C8953} - c:\windows\system32\gsf83iujid.dll
HKCU-Run-Windows Intranet controller - c:\windows\security\lsass.exe
HKCU-Run-DigiFast - c:\documents and settings\Lherbier\Application Data\digifast\digifast.exe
HKLM-Run-EdenFlirt - c:\program files\Eden Flirt\EdenFlirt.exe
HKLM-Run-Windows Intranet controller - c:\windows\security\lsass.exe
HKLM-Run-10623914 - c:\documents and settings\All Users\Application Data\10623914\10623914.exe
HKLM-Run-UC_SMB - (no file)
SharedTaskScheduler-{D76AB2A1-00F3-42BD-F434-00BBC39C8953} - c:\windows\system32\gsf83iujid.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Lherbier\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
Trusted Zone: chat-land.org
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_activex.camfrogweb.com-advanced-2.0.2.23_instmodule.exe
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 18:07
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\system32\B.tmp 84 bytes
c:\documents and settings\Lherbier\Application Data\wiaserva.log 8 bytes
c:\documents and settings\Lherbier\Application Data\wiaservg.log 12 bytes
Scan terminé avec succès
Fichiers cachés: 3
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5f558821]
"ImagePath"="\SystemRoot\System32\drivers\5f558821.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\tphklock.dll
- - - - - - - > 'explorer.exe'(4900)
c:\documents and settings\Lherbier\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\HPZipm12.exe
c:\docume~1\Lherbier\LOCALS~1\temp\LiveProfile.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\locator.exe
.
**************************************************************************
.
Heure de fin: 2009-06-28 18:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-28 16:17
Avant-CF: 7 806 320 640 octets libres
Après-CF: 8 368 746 496 octets libres
446 --- E O F --- 2009-06-11 11:28
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1014.794 [GMT 2:00]
Lancé depuis: c:\documents and settings\Lherbier\Bureau\CCM.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\10623914
c:\documents and settings\All Users\Application Data\10623914\10623914
c:\documents and settings\All Users\Application Data\10623914\10623914.exe
c:\documents and settings\Lherbier\Application Data\digifast
c:\documents and settings\Lherbier\Application Data\digifast\config.cfg
c:\documents and settings\Lherbier\Application Data\digifast\DFUninstall.exe
c:\documents and settings\Lherbier\Application Data\wiaserva.log
c:\documents and settings\Lherbier\Application Data\wiaservg.log
c:\documents and settings\Lherbier\Bureau\System Security 2009.lnk
c:\documents and settings\Lherbier\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Lherbier\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Lherbier\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Jcore
c:\program files\Jcore\Jcore2.dll
c:\program files\Manson\liser.dll
c:\program files\Manson\liser.exe
c:\program files\WWShow
c:\windows\Install.txt
c:\windows\KBPK090628.log
c:\windows\svhost.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\comsa32.sys
c:\windows\system32\drivers\ac242696.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\gsf83iujid.dll
c:\windows\system32\Install.txt
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\msncache.dll
c:\windows\system32\pwdmon.dll
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wiawow32.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6to4
-------\Legacy_dhcpsrv
-------\Legacy_msncache
-------\Legacy_PERFORMANCE_MONITOR
-------\Legacy_sopidkc
-------\Service_6to4
-------\Service_dhcpsrv
-------\Service_msncache
-------\Service_Performance Monitor
-------\Service_sopidkc
-------\Service_ac242696
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-06-28 ))))))))))))))))))))))))))))))))))))
.
2009-06-28 12:51 . 2009-06-28 15:03 -------- d-----w- c:\windows\DLL
2009-06-28 12:50 . 2009-06-28 12:50 86016 ----a-w- c:\windows\system32\lich.exe
2009-06-28 12:49 . 2009-06-28 12:49 12288 ----a-w- c:\windows\xfjfjdriri64u53qggrhy3axx81.exe
2009-06-28 12:49 . 2009-06-28 16:02 -------- d-sh--r- c:\program files\Manson
2009-06-28 12:48 . 2009-06-28 12:48 28672 ----a-w- C:\xesrtex.exe
2009-06-28 12:48 . 2009-06-28 12:48 211290 ----a-w- C:\nxqc.exe
2009-06-28 12:47 . 2009-06-28 12:47 494592 ----a-w- c:\windows\liel.exe
2009-06-23 11:08 . 2009-06-23 11:08 13824 ----a-w- c:\documents and settings\Lherbier\Application Data\cft\cft.exe
2009-06-23 11:08 . 2009-06-23 11:08 -------- d-----w- c:\documents and settings\Lherbier\Application Data\cft
2009-06-23 10:57 . 2009-06-28 13:29 -------- d-----w- c:\documents and settings\Lherbier\Application Data\pridl
2009-06-23 10:57 . 2009-06-28 10:22 11264 ----a-w- c:\documents and settings\Lherbier\Application Data\pridl\pridl.exe
2009-06-21 16:31 . 2009-06-27 10:37 -------- d-----w- c:\documents and settings\Lherbier\Local Settings\Application Data\AskToolbar
2009-06-21 16:31 . 2009-06-21 16:31 -------- d-----w- c:\program files\Ask.com
2009-06-21 16:31 . 2009-06-28 12:52 -------- d-----w- c:\documents and settings\Lherbier\Local Settings\Application Data\FLVService
2009-06-21 16:31 . 2009-06-21 16:31 -------- d-----w- c:\program files\Ask & Record Toolbar
2009-06-21 16:31 . 2009-06-21 16:31 -------- d-----w- c:\windows\Ask & Record Toolbar
2009-06-01 15:11 . 2009-06-01 15:11 -------- d-----w- c:\program files\DVD Decrypter
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 10:31 . 2009-02-18 13:16 -------- d-----w- c:\documents and settings\Lherbier\Application Data\CamfrogWEB
2009-06-27 10:31 . 2009-02-18 13:16 -------- d-----w- c:\program files\CFWebAdvancedU
2009-06-15 11:24 . 2009-01-05 12:47 -------- d-----w- c:\documents and settings\Lherbier\Application Data\uTorrent
2009-06-02 10:44 . 2005-11-26 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 14:59 . 2005-11-26 12:44 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-06-01 14:58 . 2005-11-26 12:30 65288 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 14:29 . 2006-01-11 17:03 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-06-01 14:00 . 2009-01-31 02:54 -------- d-----w- c:\program files\Dofus
2009-06-01 13:59 . 2006-01-12 20:47 -------- d-----w- c:\program files\YDKJWIN
2009-06-01 13:57 . 2007-07-21 11:40 -------- d-----w- c:\program files\Firefly Studios
2009-06-01 13:55 . 2007-07-21 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2009-06-01 13:31 . 1980-01-01 08:00 76582 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-01 13:31 . 1980-01-01 08:00 471484 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-26 20:11 . 2009-05-14 05:04 3282755 ---h--r- c:\documents and settings\Lherbier\Application Data\WindowsLive.exe
2009-05-07 15:43 . 1980-01-01 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 1980-01-01 08:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2005-11-26 12:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 20:17 . 2009-04-28 19:22 408 ----a-w- c:\documents and settings\Lherbier\errorlog.tmp
2009-04-19 20:09 . 1980-01-01 08:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:17 . 1980-01-01 08:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-03-16 00:10 . 2009-01-08 11:59 23370 ----a-w- c:\program files\Illustrator CS3 — Lisez-moi.html
2004-04-09 13:13 . 2007-04-29 16:39 114688 ----a-w- c:\program files\NETGEAR DG632 USB Driveruninstalldrv.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Windows Live"="c:\documents and settings\Lherbier\Application Data\WindowsLive.exe" [2009-05-26 3282755]
"cft"="c:\documents and settings\Lherbier\Application Data\cft\cft.exe" [2009-06-23 13824]
"pridl"="c:\documents and settings\Lherbier\Application Data\pridl\pridl.exe" [2009-06-28 11264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-04 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-06-25 36864]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 397824]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-27 180269]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2006-09-05 26248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-18 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2009-04-09 970240]
"Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
"LIEL"="c:\windows\liel.exe" [2009-06-28 494592]
"SVHOST"="c:\windows\svhost.exe" [2009-06-28 494592]
"reader_s"="c:\windows\System32\reader_s.exe" [2009-06-28 47104]
"15031534"="c:\documents and settings\All Users\Application Data\15031534\15031534.exe" [2009-06-28 1461830]
"S3TRAY2"="S3Tray2.exe" - c:\windows\system32\S3Tray2.exe [2001-10-12 69632]
"TrackPointSrv"="tp4serv.exe" - c:\windows\system32\tp4serv.exe [2003-11-13 94208]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2002-09-04 53248]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-20 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-20 15360]
"reader_s"="c:\documents and settings\Lherbier\reader_s.exe" [2009-06-28 20480]
c:\documents and settings\Lherbier\Menu Démarrer\Programmes\Démarrage\
fmnupd32.exe [2004-8-20 50909]
zqosys32.exe [2004-8-20 52052]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-7 131072]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-12-15 1032192]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-26 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-9-11 135168]
c:\documents and settings\Lherbier\Menu Démarrer\Programmes\Démarrage\
fmnupd32.exe [2004-8-20 50909]
zqosys32.exe [2004-8-20 52052]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 11:07 262144 ----a-w- c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 04:11 24576 ----a-w- c:\windows\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Lherbier\\Mes documents\\Programmes\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [26/11/2005 14:53 16384]
R2 EraserSvc10732;Symantec Eraser Service;c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe [03/09/2006 01:04 108648]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [24/09/2004 03:39 64256]
R2 lich;lich;c:\windows\system32\lich.exe [28/06/2009 14:50 86016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2007 21:50 112688]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [01/01/1980 10:00 13904]
S2 xfjfjdriri64u53qggrhy3axx80;xfjfjdriri64u53qggrhy3axx80;c:\windows\xfjfjdriri64u53qggrhy3axx81.exe [28/06/2009 14:49 12288]
S3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\drivers\HDJCTRL.sys [06/09/2007 18:59 11008]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [06/09/2007 18:59 39424]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [25/02/2003 19:06 802683]
S3 pcidisk;pcidisk;c:\windows\system32\pcidisk.sys [01/01/1980 10:00 2304]
S3 protect;protect;c:\windows\system32\drivers\protect.sys --> c:\windows\system32\drivers\protect.sys [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [26/11/2005 14:50 12288]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [17/04/2009 20:59 16640]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - egathdrv
.
Contenu du dossier 'Tâches planifiées'
2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2009-06-05 c:\windows\Tasks\Norton AntiVirus - Analyse système complète - Lherbier.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-06 21:38]
2009-06-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-04 16:04]
2009-06-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{D76AB2A1-00F3-42BD-F434-00BBC39C8953} - c:\windows\system32\gsf83iujid.dll
HKCU-Run-Windows Intranet controller - c:\windows\security\lsass.exe
HKCU-Run-DigiFast - c:\documents and settings\Lherbier\Application Data\digifast\digifast.exe
HKLM-Run-EdenFlirt - c:\program files\Eden Flirt\EdenFlirt.exe
HKLM-Run-Windows Intranet controller - c:\windows\security\lsass.exe
HKLM-Run-10623914 - c:\documents and settings\All Users\Application Data\10623914\10623914.exe
HKLM-Run-UC_SMB - (no file)
SharedTaskScheduler-{D76AB2A1-00F3-42BD-F434-00BBC39C8953} - c:\windows\system32\gsf83iujid.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Lherbier\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
Trusted Zone: chat-land.org
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_activex.camfrogweb.com-advanced-2.0.2.23_instmodule.exe
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 18:07
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\system32\B.tmp 84 bytes
c:\documents and settings\Lherbier\Application Data\wiaserva.log 8 bytes
c:\documents and settings\Lherbier\Application Data\wiaservg.log 12 bytes
Scan terminé avec succès
Fichiers cachés: 3
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5f558821]
"ImagePath"="\SystemRoot\System32\drivers\5f558821.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\tphklock.dll
- - - - - - - > 'explorer.exe'(4900)
c:\documents and settings\Lherbier\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\HPZipm12.exe
c:\docume~1\Lherbier\LOCALS~1\temp\LiveProfile.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\locator.exe
.
**************************************************************************
.
Heure de fin: 2009-06-28 18:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-28 16:17
Avant-CF: 7 806 320 640 octets libres
Après-CF: 8 368 746 496 octets libres
446 --- E O F --- 2009-06-11 11:28